In the process of collecting and managing consent to the processing of data, the GDPR takes on board two very important concepts: "Privacy by default" and "Privacy by design". The basic idea of the legislation is that the protection of personal data must be considered upstream of the design of a service.
"Privacy by default" is the principle by which, by default, only "personal data necessary for each specific purpose of processing" (art. 25 GDPR) must be processed. The other principle mentioned in the GDPR is also very interesting: "Privacy by design", according to which the protection of privacy must be taken into consideration right from the design phase of a system that includes the collection of users' data.
Therefore, in order to guarantee the two principles, measures must be envisaged which provide «minimizing the processing of personal data, pseudonymization of the personal data as soon as possible, offering transparency with regard to the functions and processing of personal data, and allowing the interested party to control the processing of data and allow the data controller to create and improve security features».