Data Protection by Design and by Default

DataExchange is build on the principles of Privacy by Design.

Privacy is not bolt-on, its baked-in.

What is GDPR?

The General Data Protection Regulation (Regulation (EU) 2016/679) strengthens and unifies existing data protection legislation across the European Union, granting new rights to people and enforces now responsibilities on data controllers and data processors. The legislation revolves around 6 main principles of personal data, which must be...

Lawful Processing

... processed lawfully, fairly and in a transparent manner

Legitimate Purpose

... collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes


... adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed


... accurate and, where necessary, kept up to date using every reasonable step to do so


... ensure appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage


... allow identification of data subjects for no longer than necessary for the purposes for which the personal data are processed


Where can I learn about GDPR?

Don't feel like reading the legislation? There are numerous places that offer free or inexpensive ways and resources to learn more about GDPR. For example, we highly recommend the Information Commissioner's Office (ICO) guide. The ICO upholds information rights in the public interest for the UK, and produce lots of great materials for individuals, businesses, schools, etc.

When will GDPR affect me?

Now. GDPR will already be having an effect on you, even if you aren't aware of it. All companies who hold personal data on EU citizens are (or should be) working toward compliance before GDPR becomes enforceable in the UK on the 25th May 2018. This involves re-establishing the lawful basis for processing data, providing mechanisms for protecting the rights of individuals, and documenting process to be transparent and accountable.


How does DataExchange help with GDPR?

Compliance with GDPR requires data controllers and processors to demonstrate appropriate measures have been taken to protect personal data. To this end, Recital 78 directs data controllers toward applications that are built on the principles of data protection by design and data protection by default (i.e. privacy by design). DataExchange was developed following the seven foundational principles of privacy by design, and published our approach in the IEEE Frontiers and Advances in Data Science. You can read our paper for free by filling out the form below.

Get your copy of DataExchange: Privacy by Design for Data Sharing in the Education

DataExchange is a data integration and sharing platform built on the concept of privacy by design. Using internationally reviewed open education data and communication standards, DataExchange uses attribute-level privacy controls to improve visibility of data requirements, facilitate access based on explicit authorization, and provides transparency as to what data is shared.