Focus areas when implementing data protection by design and by default in 2026

Though data protection by design and by default is a well-established concept under the EU GDPR, its real-world application remains inconsistent. Four assessment factors can help with implementation.

Contributors:
Joanne Ro
Founder
MarketLex
Data protection by design and by default is one of the most widely accepted principles of the EU General Data Protection Regulation, yet nearly a decade after the regulation's adoption, its real-world implementation remains uneven and is inconsistently evidenced.
Article 25(1) of the GDPR requires controllers to implement appropriate technical and organizational measures designed to give effect to the data protection principles, to integrate the necessary safeguards into the processing, and to protect the rights of data subjects.
Four assessment factors — state of the art, cost of implementation, processing context and risks to individuals — can be considered collectively to determine whether the measures are appropriate and systems adequately embody data protection by design and by default.
In 2026, implementing data protection by design and by default is expected to require a distinct approach to each of these four factors, driven by technological developments and current regulatory practice.
The growing importance of this concept is underlined by new regulatory initiatives in many jurisdictions around the world. Current trends lean toward detailed models of artificial intelligence regulation rather than general formulations. Such initiatives place the burden on businesses that use AI systems: they must conduct structured risk assessments, document how their AI systems operate and what they are intended for, track training data, and implement control mechanisms wherever AI systems are involved in decisions affecting the rights or interests of individuals.
Further development of the regulatory framework is expected to impose new obligations on organizations regarding the use of AI systems. In this context, implementing the principle of data protection by design and by default will require a more comprehensive approach, one that takes into account the technical characteristics of the systems as well as the way AI technologies are developed and used.