AI-based solution designed to automate personal data discovery and classification

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Privacy Program Automation

Data Processing Inventory (ROPA)

Harbor cooperation between DPO, Legal Services, IT and Marketing

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Assessment Automation

Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation

Third Party Management

Guide your partners trough vendor management process workflow

Risk Management

Identifying the risk from the point of view of Data Subject

Incident Management

Quickly respond, mitigate damage and maintain compliance

Consent and Preference Management

Data Removal orchestration

Data Removal

Introducing end-to end automation of personal data removal

Services

State-of-Privacy-Assessment (SOPA)

Support

Professional Services

Pricing plans

Talk to sales

Resources

Latest Blog posts

Croatian DPA – AZOP imposed €380,000 GDPR fine on Sports Betting Company

18/05/2023

Croatian DPA AZOP imposed 2.26 million GDPR fine on the debt collection agency

05/05/2023

Learn the terms

Data Governance

Cybersecurity

Information Privacy

California Consumer Privacy Act (CCPA)

EU-US Privacy Shield

Data Removal

Data Graveyard

Legal Basis for Processing

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

Legal & Ethical Review & Mastering Informed Consent for Clinical Trial Studies

22/03/2023

The Value of Data Discovery Solution In Pharmaceutical Industry

22/03/2023

Data Discovery Brochure

14/12/2022

Partners

Become a partner

About us

Careers

General Data Protection Regulation (GDPR)

GDPR

>

Chapter 4 >

Art. 25 — Data protection by design and by default

Article 25

Data protection by design and by default

Chapter 4

Taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing, the controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of this Regulation and protect the rights of data subjects.
¹The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. ²That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. ³In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons.
An approved certification mechanism pursuant to Article 42 may be used as an element to demonstrate compliance with the requirements set out in paragraphs 1 and 2 of this Article.

Focus on your priorities

Find a plan that's right for you