Data protection by design and default

Data protection by design and default means that whenever we start thinking about developing new systems, services, processes or ways of working that we think carefully about any personal information that we might be using. We make sure that personal information will be used appropriately and taken care of throughout the lifecycle.

Thinking about data protection and privacy is a key part of the design stage and should include:

  • minimising risks to individual privacy
  • avoiding unnecessary intrusion into individual’s lives and activities
  • making sure we only use the information we really need to do the job
  • clear information for people whose information is being used
  • providing people with choices about their information where possible
  • keeping the information secure

Keeping information secure includes technology like passwords, but also measures like locking paperwork away, or making sure doors with keypad entry aren’t propped open. It can mean having documents like contracts or Data Sharing Agreements to set out clearly how information will be used and managed. It also means ensuring that everyone who works with personal information understands their responsibilities.


There are lots of different tools that can be used to design data protection into ways of working. These include:

Arrow symbol
Contact us
Information Assurance Manager
Telephone: 01206 874853