Which statement best defines privacy by design in MDC3?

Privacy by design means embedding privacy protections into the system from the very beginning of the design and development process. It involves building in data minimization, strong access controls, secure data handling, and privacy-preserving defaults so users’ information is protected by default. The best statement captures this proactive, built-in approach by saying privacy controls are integrated into system design from the outset. Adding privacy after deployment is retroactive and can leave data exposed; privacy cannot be treated as optional if security is strong, and audits alone don’t create privacy in the design—they verify aspects later rather than shaping the architecture from the start.