103Data protection by design
This
adran has no associated
Nodiadau Esboniadol
(1)Where a controller proposes that a particular type of processing of personal data be carried out by or on behalf of the controller, the controller must, prior to the processing, consider the impact of the proposed processing on the rights and freedoms of data subjects.
(2)A controller must implement appropriate technical and organisational measures which are designed to ensure that—
(a)the data protection principles are implemented, and
(b)risks to the rights and freedoms of data subjects are minimised.