§ 47 LDSG SH
Data protection by design and by default
(1)The controller shall, both at the time of the determination of the means for processing and at the time of the processing itself, take appropriate measures which are designed to implement data protection principles, such as data minimisation, in an effective manner and to integrate the necessary safeguards to meet the statutory requirements and to protect the rights of data subjects. In doing so, the controller shall take into account the state of the art, the cost of implementation, the nature, scope, context and purposes of the processing as well as the varying likelihood and severity of the risks to the rights of data subjects associated with the processing. In particular, the processing of personal data and the selection and design of data processing systems shall be guided by the objective of processing as few personal data as possible. Personal data shall be anonymised or pseudonymised at the earliest possible point in time, insofar as the processing purpose allows.
(2)The controller shall take appropriate technical and organisational measures to ensure that, by default, only such personal data are processed as are necessary for each specific processing purpose. This shall apply to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, the measures must ensure that personal data are not made accessible by default to an indefinite number of persons without human intervention. zur Einzelansicht § 47