SlideShare a Scribd company logo

Privacy by Design or Privacy by Re-engineering

Download as PPTX, PDF
A
Andre Cardinaal

This document discusses implementing privacy by design in software systems to comply with GDPR regulations. It recommends taking a proactive approach to privacy by embedding privacy principles into system design from the start. This includes performing data mapping and privacy impact assessments, considering privacy in requirements, design, development and deployment phases, and using techniques like anonymization, encryption and access controls. It emphasizes an iterative process of continuous evaluation and treating privacy as a non-functional requirement across the system development lifecycle.

1 of 14
Privacy by Design of Privacy by Re-engineering? Are your applications GDPR compliant? Andre Cardinaal Business Consultant @GDPR Coach andre.cardinaal@gdprcoach.nl
Agenda • Context - Why Privacy by Design(PbD) is imminent • Principles involved • Approaches to implement • Fit it into System Design • Methods of Madness • GDPR & Privacy by Design • Concept test - Scorecard
Why Privacy by Design • Prevention is better than cure! • Robust processes are key to sound business • Avoid legislative and statutory scrutiny • Avoid financial losses and penalties due to breaches • Increase brand equity by enhanced customer trust
Principles of Privacy by Design • Proactive not reactive — preventative not remedial • Lead with privacy as the default setting • Embed privacy into design • Retain full functionality (positive-sum, not zero-sum) • Ensure end-to-end security • Maintain visibility and transparency—keep it open • Respect user privacy—keep it user-centric
Approaches to implement PbD • Add Privacy requirements to system requirements for planning, costing, sprinting and quality outcomes • Data flow mappings as input to Architecture • PbD scorecard to be part of Definition of Done(DoD) • Compliance to privacy requirements, like security requirements, to be mandatory for production release
Foundational phases for PbD ANALYSYS DESIGN DEVELOP Technique • De-identification • Obfuscation • Anonymization • Encryption / Decryption Concept • Data Mapping • PIA Approach • Minimal Data • Limit to purpose • Limit retention • By / From retention
PbD from scratch Data Mapping • Understand Information Flow • Comprehend Information Flow • Segregate Data items • Data items • Formats • Transfer Methods • Location: From / To • Accountability • Access PIA • Gather Info & Generate Flow • Size and Scope • Consult with Stakeholders • Check flow against principles • Risk Management • Identify Risks • Identify Mitigation approach
System Design Requirements Analysis Design Development Deployment Maintenance/ Operation
System Design Requirements Analysis Design Development Deployment Maintenance/ Operation User interviews, PIA, Cross-border, Business/User/Law/Compliance needs Privacy Laws, Customer rights, Business needs, Crossborder/Cloud aspects Workflow, Data flow maps, Approvals, Data Security, Obfuscation, Anonymization, Encryption/Decryption, User/Role/Screen/Field/Operation level access Scorecard, Checklists, DoD, UAT, Privacy reviews Cross Border, Local privacy laws, Cloud, Scorecards, Maturity models, Privacy certifications, Assessments,Internal Reviews
Developer’s role - Privacy by Design • Comprehend and define legal perimeter of operations • Collaborate with communication & consent • Use proper common sense and ethics for system design • Data lifecycle - security, quality and archival • Ensure Positive-Sum not Zero-Sum • Framework in place: Policies, Standards, Guidelines • Practice privacy: Product Owners, Architects, Developers • Privacy by Design - NFR, SDLC, Checklists, Dataflow maps • Continuous evaluation and Compliance
Methods of Madness • Cookies notification alone isnt enough! • Being safe & secure isnt being privacy enabled! • Handling privacy isnt a task, it’s a process to fulfilled at several stages in increments, in iteration. • Law is law, don’t draw your conclusions, consult experts • Migrate to Privacy by design by default
GDPR & Privacy by Design • Philosophy • Privacy by Design, by default • Demonstrate privacy efforts during design, development • Para [1] 7 [2] of Art 25 clearly advocates Privacy by design and Privacy by default in spirit and letter. • Para [3] of Art 25 makes demonstration of efforts for compliance to para [1]&[2] as mandatory.
Final Checklist • Dataflow maps • Privacy Impact Assessment reports • Customer rights Vs Business Needs • Privacy Laws, applicable provisions, guidelines • Non functional requirements • Scorecards • Maturity Model, spider charts
Questions?

Recommended

Privacy Engineering
Privacy EngineeringPrivacy Engineering
Privacy Engineering
Tomi Mikkonen
 
Advanced System Engineering in the Automotive Industry - Dr Alain Pfouga (pro...
Advanced System Engineering in the Automotive Industry - Dr Alain Pfouga (pro...Advanced System Engineering in the Automotive Industry - Dr Alain Pfouga (pro...
Advanced System Engineering in the Automotive Industry - Dr Alain Pfouga (pro...
Intland Software GmbH
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender
Mighty Guides, Inc.
 
NQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex A
NA Putra
 
GDPR Assessment Checklist.pptx
GDPR Assessment Checklist.pptxGDPR Assessment Checklist.pptx
GDPR Assessment Checklist.pptx
infosecTrain
 
dlux - Splunk Technical Overview
dlux - Splunk Technical Overviewdlux - Splunk Technical Overview
dlux - Splunk Technical Overview
David Lutz
 
Data Ingestion in Big Data and IoT platforms
Data Ingestion in Big Data and IoT platformsData Ingestion in Big Data and IoT platforms
Data Ingestion in Big Data and IoT platforms
Guido Schmutz
 
ERP 101- Introduction to ERP for Manufacturing & Distribution
ERP 101- Introduction to ERP for Manufacturing & DistributionERP 101- Introduction to ERP for Manufacturing & Distribution
ERP 101- Introduction to ERP for Manufacturing & Distribution
Rootstock Software
 

Recommended

Privacy Engineering
Privacy EngineeringPrivacy Engineering
Privacy Engineering
Tomi Mikkonen
 
Advanced System Engineering in the Automotive Industry - Dr Alain Pfouga (pro...
Advanced System Engineering in the Automotive Industry - Dr Alain Pfouga (pro...Advanced System Engineering in the Automotive Industry - Dr Alain Pfouga (pro...
Advanced System Engineering in the Automotive Industry - Dr Alain Pfouga (pro...
Intland Software GmbH
 
7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender7 Experts on Implementing Microsoft 365 Defender
7 Experts on Implementing Microsoft 365 Defender
Mighty Guides, Inc.
 
NQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex A
NA Putra
 
GDPR Assessment Checklist.pptx
GDPR Assessment Checklist.pptxGDPR Assessment Checklist.pptx
GDPR Assessment Checklist.pptx
infosecTrain
 
dlux - Splunk Technical Overview
dlux - Splunk Technical Overviewdlux - Splunk Technical Overview
dlux - Splunk Technical Overview
David Lutz
 
Data Ingestion in Big Data and IoT platforms
Data Ingestion in Big Data and IoT platformsData Ingestion in Big Data and IoT platforms
Data Ingestion in Big Data and IoT platforms
Guido Schmutz
 
ERP 101- Introduction to ERP for Manufacturing & Distribution
ERP 101- Introduction to ERP for Manufacturing & DistributionERP 101- Introduction to ERP for Manufacturing & Distribution
ERP 101- Introduction to ERP for Manufacturing & Distribution
Rootstock Software
 
Supply management 1.1.pdf
Supply management 1.1.pdfSupply management 1.1.pdf
Supply management 1.1.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Resume Assistant Manager Industrial Engineering with 8yrs Experience
Resume Assistant Manager Industrial Engineering with 8yrs ExperienceResume Assistant Manager Industrial Engineering with 8yrs Experience
Resume Assistant Manager Industrial Engineering with 8yrs Experience
Shubham Singh
 
Apache Kafka for Cybersecurity and SIEM / SOAR Modernization
Apache Kafka for Cybersecurity and SIEM / SOAR ModernizationApache Kafka for Cybersecurity and SIEM / SOAR Modernization
Apache Kafka for Cybersecurity and SIEM / SOAR Modernization
Kai Wähner
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR compliance
Sarah Fox
 
Introducing log analysis to your organization
Introducing log analysis to your organization Introducing log analysis to your organization
Introducing log analysis to your organization
Sematext Group, Inc.
 
8100771-ISO12207-2017.pdf
8100771-ISO12207-2017.pdf8100771-ISO12207-2017.pdf
8100771-ISO12207-2017.pdf
Álvaro Muñoz
 
Splunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of ThingsSplunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of Things
Splunk
 
Ideal Final Result
Ideal Final ResultIdeal Final Result
Ideal Final Result
Renee Mangino
 
Software Compliance Management Overview
Software Compliance Management OverviewSoftware Compliance Management Overview
Software Compliance Management Overview
kevino80
 
Workflow Automation with Logic Apps
Workflow Automation with Logic AppsWorkflow Automation with Logic Apps
Workflow Automation with Logic Apps
BizTalk360
 
NET Conf 2023 Recap
NET Conf 2023 RecapNET Conf 2023 Recap
NET Conf 2023 Recap
Lee Richardson
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6aCritical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
James W. De Rienzo
 
PLM-ERP Integration
PLM-ERP IntegrationPLM-ERP Integration
PLM-ERP Integration
Jagannathan Thiruvazhi (Jagan)
 
Running Siebel on AWS - Oracle Open World 13
Running Siebel on AWS - Oracle Open World 13Running Siebel on AWS - Oracle Open World 13
Running Siebel on AWS - Oracle Open World 13
Milind Waikul
 
Deploy Secure Network Architectures for The Connected Enterprise
Deploy Secure Network Architectures for The Connected EnterpriseDeploy Secure Network Architectures for The Connected Enterprise
Deploy Secure Network Architectures for The Connected Enterprise
Rockwell Automation
 
UiPath Orchestrator Authentication v 1.2.pptx
UiPath Orchestrator Authentication v 1.2.pptxUiPath Orchestrator Authentication v 1.2.pptx
UiPath Orchestrator Authentication v 1.2.pptx
Rohit Radhakrishnan
 
Practical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdfPractical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdf
ICS
 
Full lifecycle of a microservice
Full lifecycle of a microserviceFull lifecycle of a microservice
Full lifecycle of a microservice
Luigi Bennardis
 
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
CSNP
 
Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...
Sebastien Deleersnyder
 
Accelerating the Path to GDPR Compliance
Accelerating the Path to GDPR ComplianceAccelerating the Path to GDPR Compliance
Accelerating the Path to GDPR Compliance
Hernan Huwyler, MBA CPA
 

More Related Content

What's hot

Supply management 1.1.pdf
Supply management 1.1.pdfSupply management 1.1.pdf
Supply management 1.1.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Resume Assistant Manager Industrial Engineering with 8yrs Experience
Resume Assistant Manager Industrial Engineering with 8yrs ExperienceResume Assistant Manager Industrial Engineering with 8yrs Experience
Resume Assistant Manager Industrial Engineering with 8yrs Experience
Shubham Singh
 
Apache Kafka for Cybersecurity and SIEM / SOAR Modernization
Apache Kafka for Cybersecurity and SIEM / SOAR ModernizationApache Kafka for Cybersecurity and SIEM / SOAR Modernization
Apache Kafka for Cybersecurity and SIEM / SOAR Modernization
Kai Wähner
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR compliance
Sarah Fox
 
Introducing log analysis to your organization
Introducing log analysis to your organization Introducing log analysis to your organization
Introducing log analysis to your organization
Sematext Group, Inc.
 
8100771-ISO12207-2017.pdf
8100771-ISO12207-2017.pdf8100771-ISO12207-2017.pdf
8100771-ISO12207-2017.pdf
Álvaro Muñoz
 
Splunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of ThingsSplunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of Things
Splunk
 
Ideal Final Result
Ideal Final ResultIdeal Final Result
Ideal Final Result
Renee Mangino
 
Software Compliance Management Overview
Software Compliance Management OverviewSoftware Compliance Management Overview
Software Compliance Management Overview
kevino80
 
Workflow Automation with Logic Apps
Workflow Automation with Logic AppsWorkflow Automation with Logic Apps
Workflow Automation with Logic Apps
BizTalk360
 
NET Conf 2023 Recap
NET Conf 2023 RecapNET Conf 2023 Recap
NET Conf 2023 Recap
Lee Richardson
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
The Open Group SA
 
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6aCritical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
James W. De Rienzo
 
PLM-ERP Integration
PLM-ERP IntegrationPLM-ERP Integration
PLM-ERP Integration
Jagannathan Thiruvazhi (Jagan)
 
Running Siebel on AWS - Oracle Open World 13
Running Siebel on AWS - Oracle Open World 13Running Siebel on AWS - Oracle Open World 13
Running Siebel on AWS - Oracle Open World 13
Milind Waikul
 
Deploy Secure Network Architectures for The Connected Enterprise
Deploy Secure Network Architectures for The Connected EnterpriseDeploy Secure Network Architectures for The Connected Enterprise
Deploy Secure Network Architectures for The Connected Enterprise
Rockwell Automation
 
UiPath Orchestrator Authentication v 1.2.pptx
UiPath Orchestrator Authentication v 1.2.pptxUiPath Orchestrator Authentication v 1.2.pptx
UiPath Orchestrator Authentication v 1.2.pptx
Rohit Radhakrishnan
 
Practical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdfPractical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdf
ICS
 
Full lifecycle of a microservice
Full lifecycle of a microserviceFull lifecycle of a microservice
Full lifecycle of a microservice
Luigi Bennardis
 
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
CSNP
 

What's hot (20)

Supply management 1.1.pdf
Supply management 1.1.pdfSupply management 1.1.pdf
Supply management 1.1.pdf
 
Resume Assistant Manager Industrial Engineering with 8yrs Experience
Resume Assistant Manager Industrial Engineering with 8yrs ExperienceResume Assistant Manager Industrial Engineering with 8yrs Experience
Resume Assistant Manager Industrial Engineering with 8yrs Experience
 
Apache Kafka for Cybersecurity and SIEM / SOAR Modernization
Apache Kafka for Cybersecurity and SIEM / SOAR ModernizationApache Kafka for Cybersecurity and SIEM / SOAR Modernization
Apache Kafka for Cybersecurity and SIEM / SOAR Modernization
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR compliance
 
Introducing log analysis to your organization
Introducing log analysis to your organization Introducing log analysis to your organization
Introducing log analysis to your organization
 
8100771-ISO12207-2017.pdf
8100771-ISO12207-2017.pdf8100771-ISO12207-2017.pdf
8100771-ISO12207-2017.pdf
 
Splunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of ThingsSplunk for Industrial Data and the Internet of Things
Splunk for Industrial Data and the Internet of Things
 
Ideal Final Result
Ideal Final ResultIdeal Final Result
Ideal Final Result
 
Software Compliance Management Overview
Software Compliance Management OverviewSoftware Compliance Management Overview
Software Compliance Management Overview
 
Workflow Automation with Logic Apps
Workflow Automation with Logic AppsWorkflow Automation with Logic Apps
Workflow Automation with Logic Apps
 
NET Conf 2023 Recap
NET Conf 2023 RecapNET Conf 2023 Recap
NET Conf 2023 Recap
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6aCritical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
Critical Security Controls v4 1 Mapped to NIST SP 800-53 Rev.4-final r6a
 
PLM-ERP Integration
PLM-ERP IntegrationPLM-ERP Integration
PLM-ERP Integration
 
Running Siebel on AWS - Oracle Open World 13
Running Siebel on AWS - Oracle Open World 13Running Siebel on AWS - Oracle Open World 13
Running Siebel on AWS - Oracle Open World 13
 
Deploy Secure Network Architectures for The Connected Enterprise
Deploy Secure Network Architectures for The Connected EnterpriseDeploy Secure Network Architectures for The Connected Enterprise
Deploy Secure Network Architectures for The Connected Enterprise
 
UiPath Orchestrator Authentication v 1.2.pptx
UiPath Orchestrator Authentication v 1.2.pptxUiPath Orchestrator Authentication v 1.2.pptx
UiPath Orchestrator Authentication v 1.2.pptx
 
Practical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdfPractical Advice for FDA’s 510(k) Requirements.pdf
Practical Advice for FDA’s 510(k) Requirements.pdf
 
Full lifecycle of a microservice
Full lifecycle of a microserviceFull lifecycle of a microservice
Full lifecycle of a microservice
 
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-SegmentationGuardicore - Shrink Your Attack Surface with Micro-Segmentation
Guardicore - Shrink Your Attack Surface with Micro-Segmentation
 

Similar to Privacy by Design or Privacy by Re-engineering

Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...
Sebastien Deleersnyder
 
Accelerating the Path to GDPR Compliance
Accelerating the Path to GDPR ComplianceAccelerating the Path to GDPR Compliance
Accelerating the Path to GDPR Compliance
Hernan Huwyler, MBA CPA
 
Cdpse course content infosec train
Cdpse course content infosec trainCdpse course content infosec train
Cdpse course content infosec train
ShivamSharma909
 
IAM Methods 2.0 Presentation Michael Nielsen Deloitte
IAM Methods 2.0 Presentation Michael Nielsen DeloitteIAM Methods 2.0 Presentation Michael Nielsen Deloitte
IAM Methods 2.0 Presentation Michael Nielsen Deloitte
IBM Sverige
 
Data architecture around risk management
Data architecture around risk managementData architecture around risk management
Data architecture around risk management
Suvradeep Rudra
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program Implementation
Eryk Budi Pratama
 
Blur De-Identification
Blur De-IdentificationBlur De-Identification
Blur De-Identification
d-Wise Technologies
 
Hadoop and Financial Services
Hadoop and Financial ServicesHadoop and Financial Services
Hadoop and Financial Services
Cloudera, Inc.
 
Rega solutions ppt [compatibility mode]
Rega solutions ppt [compatibility mode]Rega solutions ppt [compatibility mode]
Rega solutions ppt [compatibility mode]
rickkhosla
 
Happiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution OverviewHappiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies
 
Abitech Software - Collaboration Options
Abitech Software - Collaboration OptionsAbitech Software - Collaboration Options
Abitech Software - Collaboration Options
Andrew Pyshkin
 
First bankcard presentation 3.3.15
First bankcard presentation 3.3.15First bankcard presentation 3.3.15
First bankcard presentation 3.3.15
Julie McDonald
 
Agile and Its Impact on Productivity
Agile and Its Impact on ProductivityAgile and Its Impact on Productivity
Agile and Its Impact on Productivity
DCG Software Value
 
How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...
Hernan Huwyler, MBA CPA
 
Auxenta Services
Auxenta ServicesAuxenta Services
Auxenta Services
Sam Salazar
 
bh-win-04-conacher.ppt
bh-win-04-conacher.pptbh-win-04-conacher.ppt
bh-win-04-conacher.ppt
Rakesh Kumar
 
Smart Company Profile
Smart Company ProfileSmart Company Profile
Smart Company Profile
sumitchugh08
 
Privacy Engineering in the Wild
Privacy Engineering in the WildPrivacy Engineering in the Wild
Privacy Engineering in the Wild
CREST
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Ontario Cloud SIG
 

Similar to Privacy by Design or Privacy by Re-engineering (20)

Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...
 
Accelerating the Path to GDPR Compliance
Accelerating the Path to GDPR ComplianceAccelerating the Path to GDPR Compliance
Accelerating the Path to GDPR Compliance
 
Cdpse course content infosec train
Cdpse course content infosec trainCdpse course content infosec train
Cdpse course content infosec train
 
IAM Methods 2.0 Presentation Michael Nielsen Deloitte
IAM Methods 2.0 Presentation Michael Nielsen DeloitteIAM Methods 2.0 Presentation Michael Nielsen Deloitte
IAM Methods 2.0 Presentation Michael Nielsen Deloitte
 
Data architecture around risk management
Data architecture around risk managementData architecture around risk management
Data architecture around risk management
 
Privacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program ImplementationPrivacy-ready Data Protection Program Implementation
Privacy-ready Data Protection Program Implementation
 
Blur De-Identification
Blur De-IdentificationBlur De-Identification
Blur De-Identification
 
Hadoop and Financial Services
Hadoop and Financial ServicesHadoop and Financial Services
Hadoop and Financial Services
 
Rega solutions ppt [compatibility mode]
Rega solutions ppt [compatibility mode]Rega solutions ppt [compatibility mode]
Rega solutions ppt [compatibility mode]
 
Happiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution OverviewHappiest Minds Technologies- ComplianceVigil Solution Overview
Happiest Minds Technologies- ComplianceVigil Solution Overview
 
Abitech Software - Collaboration Options
Abitech Software - Collaboration OptionsAbitech Software - Collaboration Options
Abitech Software - Collaboration Options
 
First bankcard presentation 3.3.15
First bankcard presentation 3.3.15First bankcard presentation 3.3.15
First bankcard presentation 3.3.15
 
Agile and Its Impact on Productivity
Agile and Its Impact on ProductivityAgile and Its Impact on Productivity
Agile and Its Impact on Productivity
 
How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...How can the ISO 27701 help to design, implement, operate and improve a privac...
How can the ISO 27701 help to design, implement, operate and improve a privac...
 
Auxenta Services
Auxenta ServicesAuxenta Services
Auxenta Services
 
bh-win-04-conacher.ppt
bh-win-04-conacher.pptbh-win-04-conacher.ppt
bh-win-04-conacher.ppt
 
Smart Company Profile
Smart Company ProfileSmart Company Profile
Smart Company Profile
 
Privacy Engineering in the Wild
Privacy Engineering in the WildPrivacy Engineering in the Wild
Privacy Engineering in the Wild
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
 

Recently uploaded

Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
XfilesPro
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
ToXSL Technologies
 
Project Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdfProject Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdf
Karya Keeper
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdfBaha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
dakas1
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
Patrick Weigel
 
Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !
Marcin Chrost
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
Quickdice ERP
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
Alberto Brandolini
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Julian Hyde
 
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSISDECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
Tier1 app
 
Preparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging a Tech AgencyPreparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging a Tech Agency
ISH Technologies
 
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
gapen1
 
All you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVMAll you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVM
Alina Yurenko
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Paul Brebner
 
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptxMigration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
ervikas4
 
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
The Third Creative Media
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
Peter Muessig
 

Recently uploaded (20)

Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
 
How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?How Can Hiring A Mobile App Development Company Help Your Business Grow?
How Can Hiring A Mobile App Development Company Help Your Business Grow?
 
Project Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdfProject Management: The Role of Project Dashboards.pdf
Project Management: The Role of Project Dashboards.pdf
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
 
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdfBaha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
Baha Majid WCA4Z IBM Z Customer Council Boston June 2024.pdf
 
一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理一比一原版(USF毕业证)旧金山大学毕业证如何办理
一比一原版(USF毕业证)旧金山大学毕业证如何办理
 
WWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders AustinWWDC 2024 Keynote Review: For CocoaCoders Austin
WWDC 2024 Keynote Review: For CocoaCoders Austin
 
Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !
 
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesE-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian Companies
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSISDECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSIS
 
Preparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging a Tech AgencyPreparing Non - Technical Founders for Engaging a Tech Agency
Preparing Non - Technical Founders for Engaging a Tech Agency
 
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
如何办理(hull学位证书)英国赫尔大学毕业证硕士文凭原版一模一样
 
All you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVMAll you need to know about Spring Boot and GraalVM
All you need to know about Spring Boot and GraalVM
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
 
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
Why Apache Kafka Clusters Are Like Galaxies (And Other Cosmic Kafka Quandarie...
 
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptxMigration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
Migration From CH 1.0 to CH 2.0 and Mule 4.6 & Java 17 Upgrade.pptx
 
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
 

Privacy by Design or Privacy by Re-engineering

  • 1. Privacy by Design of Privacy by Re-engineering? Are your applications GDPR compliant? Andre Cardinaal Business Consultant @GDPR Coach andre.cardinaal@gdprcoach.nl
  • 2. Agenda • Context - Why Privacy by Design(PbD) is imminent • Principles involved • Approaches to implement • Fit it into System Design • Methods of Madness • GDPR & Privacy by Design • Concept test - Scorecard
  • 3. Why Privacy by Design • Prevention is better than cure! • Robust processes are key to sound business • Avoid legislative and statutory scrutiny • Avoid financial losses and penalties due to breaches • Increase brand equity by enhanced customer trust
  • 4. Principles of Privacy by Design • Proactive not reactive — preventative not remedial • Lead with privacy as the default setting • Embed privacy into design • Retain full functionality (positive-sum, not zero-sum) • Ensure end-to-end security • Maintain visibility and transparency—keep it open • Respect user privacy—keep it user-centric
  • 5. Approaches to implement PbD • Add Privacy requirements to system requirements for planning, costing, sprinting and quality outcomes • Data flow mappings as input to Architecture • PbD scorecard to be part of Definition of Done(DoD) • Compliance to privacy requirements, like security requirements, to be mandatory for production release
  • 6. Foundational phases for PbD ANALYSYS DESIGN DEVELOP Technique • De-identification • Obfuscation • Anonymization • Encryption / Decryption Concept • Data Mapping • PIA Approach • Minimal Data • Limit to purpose • Limit retention • By / From retention
  • 7. PbD from scratch Data Mapping • Understand Information Flow • Comprehend Information Flow • Segregate Data items • Data items • Formats • Transfer Methods • Location: From / To • Accountability • Access PIA • Gather Info & Generate Flow • Size and Scope • Consult with Stakeholders • Check flow against principles • Risk Management • Identify Risks • Identify Mitigation approach
  • 9. System Design Requirements Analysis Design Development Deployment Maintenance/ Operation User interviews, PIA, Cross-border, Business/User/Law/Compliance needs Privacy Laws, Customer rights, Business needs, Crossborder/Cloud aspects Workflow, Data flow maps, Approvals, Data Security, Obfuscation, Anonymization, Encryption/Decryption, User/Role/Screen/Field/Operation level access Scorecard, Checklists, DoD, UAT, Privacy reviews Cross Border, Local privacy laws, Cloud, Scorecards, Maturity models, Privacy certifications, Assessments,Internal Reviews
  • 10. Developer’s role - Privacy by Design • Comprehend and define legal perimeter of operations • Collaborate with communication & consent • Use proper common sense and ethics for system design • Data lifecycle - security, quality and archival • Ensure Positive-Sum not Zero-Sum • Framework in place: Policies, Standards, Guidelines • Practice privacy: Product Owners, Architects, Developers • Privacy by Design - NFR, SDLC, Checklists, Dataflow maps • Continuous evaluation and Compliance
  • 11. Methods of Madness • Cookies notification alone isnt enough! • Being safe & secure isnt being privacy enabled! • Handling privacy isnt a task, it’s a process to fulfilled at several stages in increments, in iteration. • Law is law, don’t draw your conclusions, consult experts • Migrate to Privacy by design by default
  • 12. GDPR & Privacy by Design • Philosophy • Privacy by Design, by default • Demonstrate privacy efforts during design, development • Para [1] 7 [2] of Art 25 clearly advocates Privacy by design and Privacy by default in spirit and letter. • Para [3] of Art 25 makes demonstration of efforts for compliance to para [1]&[2] as mandatory.
  • 13. Final Checklist • Dataflow maps • Privacy Impact Assessment reports • Customer rights Vs Business Needs • Privacy Laws, applicable provisions, guidelines • Non functional requirements • Scorecards • Maturity Model, spider charts