103Data protection by design
This section has no associated Explanatory Notes
(1)Where a controller proposes that a particular type of processing of personal data be carried out by or on behalf of the controller, the controller must, prior to the processing, consider the impact of the proposed processing on the rights and freedoms of data subjects.
(2)A controller must implement appropriate technical and organisational measures which are designed to ensure that—
(a)the data protection principles are implemented, and
(b)risks to the rights and freedoms of data subjects are minimised.