By default, companies and organisations should ensure that personal data is processed with the highest privacy protection (e.g. only the data necessary should be processed, short storage period, limited accessibility) so that, by default, personal data isnot accessible to an indefinite number of persons.