Learn the vocabulary of privacy by design: data minimisation, purpose limitation, privacy defaults, and DPIA language.
1 / 5
Privacy by Design means:
Privacy by Design (PbD) treats privacy as a foundational requirement — it is built into the system architecture from the start, not retrofitted after launch.
2 / 5
The GDPR 'purpose limitation' principle means:
Purpose limitation (Article 5(1)(b)) requires that data be used only for the specific purpose it was collected for. Using it for a new purpose requires a separate legal basis.
3 / 5
A Data Protection Impact Assessment (DPIA) is required when:
DPIAs are mandatory for processing likely to cause high risk to individuals — such as profiling, large-scale health data processing, or systematic public monitoring.
4 / 5
In a DPIA, 'residual risk' refers to:
After applying all feasible risk mitigation measures, residual risk is what remains. If residual risk is high and cannot be reduced, the supervisory authority must be consulted before proceeding.
5 / 5
Pseudonymisation differs from anonymisation in that:
Pseudonymisation replaces direct identifiers with pseudonyms but retains a mapping table, so the data remains personal data under GDPR. Truly anonymous data offers no way to re-identify individuals.