Skip to content

Privacy by design and privacy by default

In this module, the principles of data protection by design and default are explained in more detail. The background, purpose and meaning of these principles are discussed. Participants in this module can translate these principles into their own organization in such a way that the means by which the processing of personal data is carried out as well as the processing themselves comply with these principles. They can also assess the means by which the processing of personal data is carried out and the associated procedures and measures to the extent to which they comply with the principles of data protection by design and default. They are also able to formulate requirements in, for example, tendering procedures for the purchase or development of information systems.

Teacher: André Biesheuvel

Starts: April 20, 2023

Duration: part of the day (10:00 to 14:00)

Investment: €500, – excl. VAT


Data protection by design and by default, as referred to in Article 25 of the GDPR (hereinafter referred to as DPbDD), explicitly focuses on data protection principles and the rights and freedoms of the individual (the data subject). For corporate leadership and management, DPbDD starts with understanding the data protection principles, which are often explained by the Data Protection Officer.

The measures to be taken are appropriate and safeguard the effectiveness of data protection principles and thus the rights and freedoms of individuals. There is nothing to prevent management from applying such measures to protect company data.

Data protection principles are given early attention in the change, design, purchase and/or development process for organizing business activities. If the principles are fundamentally anchored in the organization and business processes, then it is also possible that the business administration can meet the accountability requirement; the company management expresses an opinion on the effectiveness of the control measures taken aimed at legal and contractual obligations, in particular data protection.

DPbDD covers the entire responsibility and liability domain of the company. It concerns the holding company and the subsidiaries plus the processors and further processors of personal data of the group. It is not surprising that the legislator recommends certification and codes of conduct to the controller in order to put together a workable and effective structure.

Obligations associated with this part

To fulfill the obligations under this section, you must:

  • Make a diagnostic test, in preparation for the subject matter to be followed;
  • Take a diagnostic test after the self-study, which must be completed with a pass. This is a condition for participation in the workshop;
  • To be present during the workshop;
  • A final exam with a passing mark.

Study load

The self-study takes about 16 hours, the workshop takes about 4 hours and the final exam takes about 2 hours.

Investment and sign up

After registration you will have direct access to the course in our learning environment. The total costs for the module are €500 (excluding VAT and per person). Participants of the Center for Information Security and Privacy Protection (CIP) and the The Hague Security Delta receive a 15% discount on the entire training offer. Contact our service desk.

Private individuals and government institutions are exempt from VAT.


Fill in the form below and we will contact you to discuss the possibilities. Our training courses are always tailor-made. We are happy to take your specific wishes into account.

    Do you have questions or need an appointment?

    Feel free to contact us at +31 (0) 70 392 22 09 or Make an appointment with one of our training advisors.