Canadian organizations operating in Europe should also be aware that Privacy by Design is an explicit
            legal obligation under the GDPR (General Data Protection Regulation). Article 25 of the GDPR imposes
            a duty on controllers to put in place technical and organizational measures that effectively implement
            data protection principles and integrate necessary safeguards into the processing of personal data to
            ensure  protection  of  data  subjects’  rights.  Pseudonymization  and  data  minimization  are  explicitly
            mentioned as examples of appropriate measures.

            Privacy by Design is a comprehensive and proactive approach to privacy that recognizes the importance
            of embedding privacy considerations into all aspects of information technology, networked data, and all
            organization.





             About the Author

            Danijela  is  a  lawyer  with  significant  experience  in  solving  complex
            business  challenges.  She  has  a  general  corporate  practice,  with
            expertise in privacy law, regulatory compliance, risk management and
            corporate governance. Her clients range from medium size businesses
            to multi-national conglomerates. Danijela holds an engineering degree,
            having graduated with distinction from University of Waterloo, and has
            significant experience as an engineer at a top-tier energy corporation.
            She earned her Juris Doctorate degree from Osgoode Hall Law School.
            Danijela’s  commercial  insight  and  technical  know-how  allow  her  to
            deliver practical solutions to clients. She is currently based in Toronto,
            Canada.

































                                                                                                             107