§ 71 BDSG
Data protection by design and by default
(1) The controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures designed to implement data protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards into the processing.
(2) The controller shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation shall apply to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons.