The GDPR requirement to build data protection into systems from the outset and to apply the most protective settings by default.
Privacy by design means embedding data protection into the design of processes and systems from the very start, rather than bolting it on later. Privacy by default means the most privacy-friendly settings apply automatically without the user having to act.
Together they shift privacy from an afterthought to a design constraint, supported by measures such as data minimization, pseudonymization, and access control.