Privacy by Design is pivotal to the GDPR and so, board members and C-suite executives must understand all requirements of the GDPR. Privacy by Design will put the responsibility on businesses to ensure that they have policies that are compliant and that they implement the correct procedures and systems from the moment any products or processes are developed. Every single area or department of a business that handles personal data, regardless of the stage of its lifestyle, must ensure that data remains secure and that they have been given permission to use it in the way that it was originally intended. A Data Protection Impact Assessment (DPIA) bust be undertaken by businesses when they begin using new technologies and in particular, when processing it is highly likely to result in there being a high risk to the rights and freedoms of individuals. This high risk could relate to information that contains special categories of data, which could include criminal convictions or disabilities.