Data Protection By Design and Default

On the 25th of May 2018, the new General Data Protection Regulation (“GDPR”) will become applicable law in all European member states, which will have profound impact on all businesses with a part of their business model being digital.

One of the unprecedented news in the GDPR is the general obligation of businesses that controls personal data (“Data Controllers”) to implement data protection principles not only in the course of their operations, but also during the development of new products, services, business functions, etc.

Data protection by design starts when the Data Controller determines how the processing of personal data will be performed, in other words who will do it and how. By taking into account the likelihood and severity of the risks with processing the personal data, and the cost and effort involved in mitigating the risks, the Data Controller shall implement appropriate technical and organisational measures (such as for instance restricted internal physical and digital access to the personal data).

As with many other of the obligations under the GDPR, the Data Controller is responsible for documenting this work.

Data protection by default means that the default settings for the product or service ensures that only personal data which are necessary for each specific purpose are processed. A typical example of when this is not achieved is when users can input free text, and then proceed to tell their life stories, when the Data Controller has no interest in or use for this information at all – the data controller will then be responsible for protecting this potentially very sensitive information with adequate technical and organisational measures.

Adhering to data protection by design and default is as much in the data controller’s own business interest as it is in their interest to be compliant with the GDPR, as data protection by design and default can save the data controller much time, effort, and expenses in later stages of the data processing lifecycle.

For further information, please contact Ida Häggström, Vencel Hodák or Niels Dahl-Nielsen.

Nyheter og innsikt

Synch acted as legal advisor to Open Payments in connection with financing


The capital will be used to grow the team and launch the platform in the Nordic and European market.

Nyheter Nyheter

Synch is shortlisted in The Lawyer European Awards 2019


We are proud to be nominated in the category ‘Most innovative technology initiative’.


Synch acted as legal advisor to Pickit in connection with financing


Pickit was recently awarded as the “People’s Choice” and “Best User Experience” at the 2018 Office App Awards.


Robotics, AI and Future of Law – a book about the use of new technologies in the legal profession


Synch’s Dena Dervanović has written a chapter engaged into a thought experiment on the possibility of creating highly skilled AI lawyers that could potentially replace human lawyers.


Viveca Fallenius guest lecturer at Bond University, Sydney


For the second time Viveca is invited as a guest speaker in the course The Digital Lawyer at Bond university, Sydney, Australia.


LEGAL AI BLOG – Blockchain, Smart Contracts and AI in the Legal Market


Read the reflections on Blockchain, Smart Contracts and AI in the Legal Market written by Jennie Gunnarsson, lawyer at Synch.