Perhaps as well as being cognizant of the potential misuse of data we look to
emerging legislation on data protection such as that being put forward in the
EU’s General Data Protection Regulation (GDPR).
The fundamental tenant of the GDPR is “to give control back to citizens and residents over their personal data”. To deliver this, the onus falls squarely on the data controller who “should implement measures which meet the principles of data protection by design and data protection by default”.