The document reflects on the first six months of the GDPR's implementation in the EU, highlighting ongoing issues such as insufficient staff at data protection authorities and continued corporate non-compliance. It notes significant data breaches affecting major companies, raising concerns about the effectiveness of GDPR protections. The author emphasizes the importance of 'privacy by design' and the shared responsibility of developers to ensure data security.

1. GDPR
PRIVACY BY DESIGN
A reflection of 6 months GDPR in EU

2. MICHELANGELO VAN DAM
I'm a senior #php architect, co-founder
and #ceo of @in2itvof, #community leader
at @phpbenelux, coach
at @CoderDojoBelgium, #MVP, #digitalnomad,
likes #coffee.

3. GDPR
WHAT WAS GDPR AGAIN?

4. GDPR
WHAT WAS GDPR AGAIN?
Regulate the privacy of EU data subjects

5. GDPR
WHAT WAS GDPR AGAIN?
Regulate the privacy of EU data subjects
Sanction corporations in violation of GDPR

6. GDPR
WHAT WAS GDPR AGAIN?
Regulate the privacy of EU data subjects
Sanction corporations in violation of GDPR
Offer a privacy framework for businesses

7. GDPR
6 MONTHS LATER…

8. GDPR
6 MONTHS LATER…
Lots of consent e-mailsX

9. GDPR
6 MONTHS LATER…
Lots of consent e-mailsX
Insufficient staff at DPA’sX

10. GDPR
6 MONTHS LATER…
Lots of consent e-mailsX
Insufficient staff at DPA’sX
Businesses still neglect regulationX

11. IS GDPR A FUD?

12. IS GDPR A FUD?
Promise to increase staff?

13. IS GDPR A FUD?
Promise to increase staff?
More compliance control?

14. IS GDPR A FUD?
Promise to increase staff?
More compliance control?
Other GDPR-like regulations outside of EU?

15. DATA BREACH PROTECTION?

16. DATA BREACH PROTECTION?
Cases against Facebook, Google & Microsoft

17. DATA BREACH PROTECTION?
Cases against Facebook, Google & Microsoft
Warnings given for EU violations

18. DATA BREACH PROTECTION?
Cases against Facebook, Google & Microsoft
International violations not consideredX
Warnings given for EU violations

19. STATISTICS
Breaches reported between May 25 2018 and January 28 2019
0
4000
8000
12000
16000
Austria
Belgium
Bulgaria
Croatia
Cyprus
Czechia
Denmark
Estonia
Finland
France
Germany
Greece
Hungary
Ireland
Italy
Latvia
Lithuania
Luxembourg
Malta
Netherlands
Poland
Portugal
Romania
Slovakia
Slovenia
Spain
Sweden
UK
Source: BleepingComputer

20. PERSONAL BREACHES

21. ๏ Sales Intelligence business
๏ Breached on July 23, 2018
๏ 200+ Million records
๏ Data aggregator
PERSONAL BREACHES

22. NO PERSONAL NOTIFICATION

24. “Action from Europe not possible”

25. “Action from Europe not possible”
“Change your password”

27. THIS GDPR ISSUE WAS FEATURED ON
TROYHUNT.COM

28. ๏ Global hotel chain
๏ November 19, 2018
๏ 500+ Million records breached
๏ Data includes passport numbers
PERSONAL BREACHES

31. “GBA does not have any information”

32. “GBA does not have any information”
“Contact Starwood on their data
breach website”

34. WHY CARE?
It seems nothing changed and things
are what they were before GDPR

35. PROTECTION CORE
Individual

36. PROTECTION CORE
Individual
Finance
Health
Religion
Politics
Education
Sex
Identity
Relationship

39. THE LATEST BREACH

40. #ProTip:
Register with
haveibeenpwned.com to
be notified when your
data was found in a
breach

41. WE NEED PROTECTION!
Our identity is at stake!

42. PRIVACY BY DESIGN

43. Require minimal personal information
PRIVACY BY DESIGN

44. Require minimal personal information
PRIVACY BY DESIGN
Encryption on data, storage and networks

45. Require minimal personal information
PRIVACY BY DESIGN
Encryption on data, storage and networks
Remove data when no longer needed

46. INTERNATIONAL ADOPTION

47. INTERNATIONAL ADOPTION
Australia
India
US (California)
Canada
Argentina
Uruguay
New Zealand
South Africa

48. INTERNATIONAL ADOPTION

49. INTERNATIONAL ADOPTION
More countries are taking actions

50. IT’S UP TO THE DEVELOPERS!

51. IT’S UP TO THE DEVELOPERS!
Learn about (web application) security

52. IT’S UP TO THE DEVELOPERS!
Learn about (web application) security
Learn about encryption types & techniques

53. IT’S UP TO THE DEVELOPERS!
Learn about (web application) security
Learn about encryption types & techniques
Add more telemetry in your applications

54. GREENFIELD PROJECT

55. GREENFIELD PROJECT
User information

56. GREENFIELD PROJECT
User information
Location data

57. GREENFIELD PROJECT
User information
Location data
Advertisements

58. BROWNFIELD PROJECT

59. BROWNFIELD PROJECT
Customer data

60. BROWNFIELD PROJECT
Customer data
Financial records

61. BROWNFIELD PROJECT
Customer data
Financial records
Employee info

62. SUMMARY

63. SUMMARY
GDPR is here to stay

64. SUMMARY
GDPR is here to stay
Personal information protection goes global

65. SUMMARY
GDPR is here to stay
Personal information protection goes global
We all have a responsibility to protect data

66. REFERENCES
Article 25 GDPR ENISA Privacy By Design ICO Data protection

67. QUESTIONS?

68. QUESTIONS?
Slides online
slideshare.net/DragonBe

69. QUESTIONS?
Slides online
slideshare.net/DragonBe
Contact me
twitter.com/DragonBe