SlideShare a Scribd company logo

Privacy by Design

Vectr.Consulting
Vectr.Consulting

Translating the GDPR into IT. What are the consequences? What should I do to be compliant?

Data & Analytics
1 of 21
Privacy by design From legal requirements to IT solutions
The Beginning Source: Wikipedia "The Right to Privacy,” 1890, Samuel Warren & Louis Brandeis, 4 Harvard Law Review 193
Security versus privacy Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and/or valuable asset, such as a person, dwelling, community, item, nation, or organization. Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. Source: Wikipedia
Security versus privacy Confidentiality Security Privacy
The importance of privacy Privacy helps individuals maintain their autonomy and individuality. Privacy is essential in freedom of speech. Privacy protects individuals and groups of individuals
Source: http://forrestertools.com/heatmap/ Privacy and data protection law in the world
Main points from GDPR which affect IT • Extended consumer rights • Right to know • Right to access • Proportional data • New consumer rights • Right to move • Right to be forgotten • Opt-in instead of opt-out
Right to know • Consumers have the right to know what personal data are stored, and what it is used for • This impacts both data storage and data processing
Right to access • Consumers have the right to obtain a copy of their personal data, as it is maintained on the servers. • This impacts the master data storage, but may also impact log files, reporting, and any secondary data usage
Proportional data • Consumers have the right that their personal data is used proportionally. The service provider may not use personal data which is not needed for the specific use case • This impacts the data processing by the service provider. What data can be used depends on the use case.
Right to move • Consumers have the right to move their profile information from one service provider to another • This implies a profile export and import functionality should exist
Right to be forgotten • Consumers have the right to have all their profile and personal data removed from the service provider’s servers. • This impacts the master data storage, but potentially a lot more, such as log files, backups, etc.
Opt-in instead of opt-out • Consumers must explicitly give permission to the service provider to use their personal data • Consumers must be informed by the service provider about which data is used and what for • This impacts master data storage, as service providers must explicitly store the opt-in information, and the data processing must explicitly handle it
• Extended consumer rights • Right to know • Right to access • Proportional data • New consumer rights • Right to move • Right to be forgotten • Opt-in instead of opt-out Towards GDPR implementation microservices application code & data model
Common use cases impacted by GDPR • Storage • Customer view & profiling • Searching • Linking • Profiling • recommendation
Data storage • Personal data in any form must be • removable, so each property must be optional and cannot be a primary key • must be importable and exportable • Opt-ins must be maintained within their context and stored with the personal data • These requirements have a direct impact on the data model • Legacy models usually do not take care of these requirements • Models may need to be modified • This often impacts business logic and even user interfaces
Customer view & profiling • A 360 customer view is highly desired by many companies • But what data can be used depends on the use case and what the customer has opted-in for • This has a direct impact on the data processing
Searching • When searching for a person, what criteria do you use? • This depends on the business context • E.g., a helpdesk clerk on the phone may need to check the caller’s identity first. What identifies this person and how is it linked to the stored data? • Names are not unique, but the unique government-issued personal number may often not be stored
Linking • Linking of personal data is what brings the real power • Merging data from multiple sources requires linking • An opt-in for a newsletter links a person’s e-mail address to a newsletter • Opt-ins can be turned into opt-outs and vice versa, and the linking must be robust to this • Through linking, personal data can be approached from different angles
Methodology: LINDDUN • Linkability • Identifiability • Non-repudiation • Detectability • Disclosure of Information • Unawareness • Non-compliance http://linddun.org
LINDDUN in a nutshell © http://linddun.org

Recommended

European GDPR for Good Technology Collective (GTC)
European GDPR for Good Technology Collective (GTC)European GDPR for Good Technology Collective (GTC)
European GDPR for Good Technology Collective (GTC)Dr. Mira Suleimenova, CIPPe
 
GDPR and WHOIS Compliance - Impact on Indian Stakeholders
GDPR and WHOIS Compliance - Impact on Indian StakeholdersGDPR and WHOIS Compliance - Impact on Indian Stakeholders
GDPR and WHOIS Compliance - Impact on Indian StakeholdersServerGuy
 
Data Protection and IDEA
Data Protection and IDEAData Protection and IDEA
Data Protection and IDEAAuditWare Systems Ltd.
 
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...CharityComms
 
Managing GDPR and Other Uses of Integrated Email Marketing | Gold-Vision CRM
Managing GDPR and Other Uses of Integrated Email Marketing | Gold-Vision CRMManaging GDPR and Other Uses of Integrated Email Marketing | Gold-Vision CRM
Managing GDPR and Other Uses of Integrated Email Marketing | Gold-Vision CRMGold-Vision CRM
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection ActSaimaRafiq
 
GDPR – Data Portability
GDPR – Data PortabilityGDPR – Data Portability
GDPR – Data PortabilityBusola Awani
 
Gdpr
GdprGdpr
GdprSergey Aleshkin
 

Recommended

European GDPR for Good Technology Collective (GTC)
European GDPR for Good Technology Collective (GTC)European GDPR for Good Technology Collective (GTC)
European GDPR for Good Technology Collective (GTC)Dr. Mira Suleimenova, CIPPe
 
GDPR and WHOIS Compliance - Impact on Indian Stakeholders
GDPR and WHOIS Compliance - Impact on Indian StakeholdersGDPR and WHOIS Compliance - Impact on Indian Stakeholders
GDPR and WHOIS Compliance - Impact on Indian StakeholdersServerGuy
 
Data Protection and IDEA
Data Protection and IDEAData Protection and IDEA
Data Protection and IDEAAuditWare Systems Ltd.
 
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...CharityComms
 
Managing GDPR and Other Uses of Integrated Email Marketing | Gold-Vision CRM
Managing GDPR and Other Uses of Integrated Email Marketing | Gold-Vision CRMManaging GDPR and Other Uses of Integrated Email Marketing | Gold-Vision CRM
Managing GDPR and Other Uses of Integrated Email Marketing | Gold-Vision CRMGold-Vision CRM
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection ActSaimaRafiq
 
GDPR – Data Portability
GDPR – Data PortabilityGDPR – Data Portability
GDPR – Data PortabilityBusola Awani
 
Gdpr
GdprGdpr
GdprSergey Aleshkin
 
Changing legislation – General Data Protection Regulation (GDPR) and librarie...
Changing legislation – General Data Protection Regulation (GDPR) and librarie...Changing legislation – General Data Protection Regulation (GDPR) and librarie...
Changing legislation – General Data Protection Regulation (GDPR) and librarie...CILIPScotland
 
Energy Data Privacy Presentation
Energy Data Privacy PresentationEnergy Data Privacy Presentation
Energy Data Privacy PresentationBrian Orion
 
Privacy policy information in data value chains
Privacy policy information in data value chainsPrivacy policy information in data value chains
Privacy policy information in data value chainsBig Data Value Association
 
Anne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for ResearchersAnne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for Researcherskclcompbio
 
The Data Protection Act What You Need To Know
The Data Protection Act What You Need To KnowThe Data Protection Act What You Need To Know
The Data Protection Act What You Need To KnowEamonnORagh
 
Data Protection GDPR Basics
Data Protection GDPR BasicsData Protection GDPR Basics
Data Protection GDPR BasicsElizabeth Dunne B.L. PC.dp
 
Merit Event - Understanding and Managing Data Protection
Merit Event - Understanding and Managing Data ProtectionMerit Event - Understanding and Managing Data Protection
Merit Event - Understanding and Managing Data Protectionmeritnorthwest
 
Rent-a-DPO for IT Vendors
Rent-a-DPO for IT VendorsRent-a-DPO for IT Vendors
Rent-a-DPO for IT VendorsRichard Kranendonk
 
GDPR for developers
GDPR for developersGDPR for developers
GDPR for developersExove
 
GDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONGDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONSaurabh Pandey
 
Stakeholder data right
Stakeholder data rightStakeholder data right
Stakeholder data rightARDC
 
GDPR introduction
GDPR introductionGDPR introduction
GDPR introductionRichard Shearwood-Porter
 
Digital Rights Management
Digital Rights ManagementDigital Rights Management
Digital Rights ManagementSabrina Kirrane
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacyimehreenx
 
Real world data engineering practices for GDPR
Real world data engineering practices for GDPRReal world data engineering practices for GDPR
Real world data engineering practices for GDPRChing-Yu Wu
 
GDPR and Data Lake
GDPR and Data LakeGDPR and Data Lake
GDPR and Data Lakeshadidc
 
Remember Data Protection Act (DPA)
Remember Data Protection Act (DPA)Remember Data Protection Act (DPA)
Remember Data Protection Act (DPA)Harrison Leavey
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacyprimeteacher32
 
Ijdbms
IjdbmsIjdbms
Ijdbmsijfcst journal
 
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital MarketersOne North
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection RegulationGrittyCC
 

More Related Content

What's hot

Changing legislation – General Data Protection Regulation (GDPR) and librarie...
Changing legislation – General Data Protection Regulation (GDPR) and librarie...Changing legislation – General Data Protection Regulation (GDPR) and librarie...
Changing legislation – General Data Protection Regulation (GDPR) and librarie...CILIPScotland
 
Energy Data Privacy Presentation
Energy Data Privacy PresentationEnergy Data Privacy Presentation
Energy Data Privacy PresentationBrian Orion
 
Privacy policy information in data value chains
Privacy policy information in data value chainsPrivacy policy information in data value chains
Privacy policy information in data value chainsBig Data Value Association
 
Anne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for ResearchersAnne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for Researcherskclcompbio
 
The Data Protection Act What You Need To Know
The Data Protection Act What You Need To KnowThe Data Protection Act What You Need To Know
The Data Protection Act What You Need To KnowEamonnORagh
 
Merit Event - Understanding and Managing Data Protection
Merit Event - Understanding and Managing Data ProtectionMerit Event - Understanding and Managing Data Protection
Merit Event - Understanding and Managing Data Protectionmeritnorthwest
 
GDPR for developers
GDPR for developersGDPR for developers
GDPR for developersExove
 
GDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONGDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONSaurabh Pandey
 
Stakeholder data right
Stakeholder data rightStakeholder data right
Stakeholder data rightARDC
 
Digital Rights Management
Digital Rights ManagementDigital Rights Management
Digital Rights ManagementSabrina Kirrane
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacyimehreenx
 
Real world data engineering practices for GDPR
Real world data engineering practices for GDPRReal world data engineering practices for GDPR
Real world data engineering practices for GDPRChing-Yu Wu
 
GDPR and Data Lake
GDPR and Data LakeGDPR and Data Lake
GDPR and Data Lakeshadidc
 
Remember Data Protection Act (DPA)
Remember Data Protection Act (DPA)Remember Data Protection Act (DPA)
Remember Data Protection Act (DPA)Harrison Leavey
 

What's hot (20)

Changing legislation – General Data Protection Regulation (GDPR) and librarie...
Changing legislation – General Data Protection Regulation (GDPR) and librarie...Changing legislation – General Data Protection Regulation (GDPR) and librarie...
Changing legislation – General Data Protection Regulation (GDPR) and librarie...
 
Energy Data Privacy Presentation
Energy Data Privacy PresentationEnergy Data Privacy Presentation
Energy Data Privacy Presentation
 
Privacy policy information in data value chains
Privacy policy information in data value chainsPrivacy policy information in data value chains
Privacy policy information in data value chains
 
Anne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for ResearchersAnne Cameron - An Introduction to the Data Protection Act for Researchers
Anne Cameron - An Introduction to the Data Protection Act for Researchers
 
The Data Protection Act What You Need To Know
The Data Protection Act What You Need To KnowThe Data Protection Act What You Need To Know
The Data Protection Act What You Need To Know
 
Data Protection GDPR Basics
Data Protection GDPR BasicsData Protection GDPR Basics
Data Protection GDPR Basics
 
Merit Event - Understanding and Managing Data Protection
Merit Event - Understanding and Managing Data ProtectionMerit Event - Understanding and Managing Data Protection
Merit Event - Understanding and Managing Data Protection
 
Rent-a-DPO for IT Vendors
Rent-a-DPO for IT VendorsRent-a-DPO for IT Vendors
Rent-a-DPO for IT Vendors
 
GDPR for developers
GDPR for developersGDPR for developers
GDPR for developers
 
GDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONGDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATION
 
Stakeholder data right
Stakeholder data rightStakeholder data right
Stakeholder data right
 
GDPR introduction
GDPR introductionGDPR introduction
GDPR introduction
 
Digital Rights Management
Digital Rights ManagementDigital Rights Management
Digital Rights Management
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
 
Real world data engineering practices for GDPR
Real world data engineering practices for GDPRReal world data engineering practices for GDPR
Real world data engineering practices for GDPR
 
GDPR and Data Lake
GDPR and Data LakeGDPR and Data Lake
GDPR and Data Lake
 
Remember Data Protection Act (DPA)
Remember Data Protection Act (DPA)Remember Data Protection Act (DPA)
Remember Data Protection Act (DPA)
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
 
Ijdbms
IjdbmsIjdbms
Ijdbms
 

Similar to Privacy by Design

#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital MarketersOne North
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection RegulationGrittyCC
 
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...Jadu
 
IT risk discusion qustion.pdf
IT risk discusion qustion.pdfIT risk discusion qustion.pdf
IT risk discusion qustion.pdfstirlingvwriters
 
Getting to grips with General Data Protection Regulation (GDPR)
Getting to grips with General Data Protection Regulation (GDPR)Getting to grips with General Data Protection Regulation (GDPR)
Getting to grips with General Data Protection Regulation (GDPR)Zoodikers
 
Reddico GDPR Presentation
Reddico GDPR PresentationReddico GDPR Presentation
Reddico GDPR PresentationLuke Kyte
 
Global Data Privacy Regulation
Global Data Privacy RegulationGlobal Data Privacy Regulation
Global Data Privacy RegulationJatin Kochhar
 
Domain management and brand protection in the era of the EU's GDPR
Domain management and brand protection in the era of the EU's GDPRDomain management and brand protection in the era of the EU's GDPR
Domain management and brand protection in the era of the EU's GDPRBartLieben
 
5) How charities can protect themselves against data reform - ‘Emerging Digit...
5) How charities can protect themselves against data reform - ‘Emerging Digit...5) How charities can protect themselves against data reform - ‘Emerging Digit...
5) How charities can protect themselves against data reform - ‘Emerging Digit...Code Computerlove
 
GDPR and Cyber Security LW.pptx
GDPR and Cyber Security LW.pptxGDPR and Cyber Security LW.pptx
GDPR and Cyber Security LW.pptxTimBee1
 
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QAQA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QAQAFest
 
GDPR Practicalities - The Data Shed
GDPR Practicalities - The Data ShedGDPR Practicalities - The Data Shed
GDPR Practicalities - The Data ShedStewart Norriss
 
LW GDPR and Cyber Security.pptx
LW GDPR and Cyber Security.pptxLW GDPR and Cyber Security.pptx
LW GDPR and Cyber Security.pptxTimBee1
 
Data Ethics Framework 2.pptx
Data Ethics Framework 2.pptxData Ethics Framework 2.pptx
Data Ethics Framework 2.pptxUgurKaplancali
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationJames Mulhern
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?Jatin Kochhar
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]Kwanzoo Inc
 
GDPR for WordPress - Impacts & Solutions
GDPR for WordPress - Impacts & SolutionsGDPR for WordPress - Impacts & Solutions
GDPR for WordPress - Impacts & SolutionsServerGuy
 

Similar to Privacy by Design (20)

#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
 
Gdpr for business full
Gdpr for business fullGdpr for business full
Gdpr for business full
 
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
 
IT risk discusion qustion.pdf
IT risk discusion qustion.pdfIT risk discusion qustion.pdf
IT risk discusion qustion.pdf
 
Getting to grips with General Data Protection Regulation (GDPR)
Getting to grips with General Data Protection Regulation (GDPR)Getting to grips with General Data Protection Regulation (GDPR)
Getting to grips with General Data Protection Regulation (GDPR)
 
Reddico GDPR Presentation
Reddico GDPR PresentationReddico GDPR Presentation
Reddico GDPR Presentation
 
Global Data Privacy Regulation
Global Data Privacy RegulationGlobal Data Privacy Regulation
Global Data Privacy Regulation
 
Domain management and brand protection in the era of the EU's GDPR
Domain management and brand protection in the era of the EU's GDPRDomain management and brand protection in the era of the EU's GDPR
Domain management and brand protection in the era of the EU's GDPR
 
5) How charities can protect themselves against data reform - ‘Emerging Digit...
5) How charities can protect themselves against data reform - ‘Emerging Digit...5) How charities can protect themselves against data reform - ‘Emerging Digit...
5) How charities can protect themselves against data reform - ‘Emerging Digit...
 
GDPR and Cyber Security LW.pptx
GDPR and Cyber Security LW.pptxGDPR and Cyber Security LW.pptx
GDPR and Cyber Security LW.pptx
 
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QAQA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
 
GDPR Practicalities - The Data Shed
GDPR Practicalities - The Data ShedGDPR Practicalities - The Data Shed
GDPR Practicalities - The Data Shed
 
LW GDPR and Cyber Security.pptx
LW GDPR and Cyber Security.pptxLW GDPR and Cyber Security.pptx
LW GDPR and Cyber Security.pptx
 
Data Ethics Framework 2.pptx
Data Ethics Framework 2.pptxData Ethics Framework 2.pptx
Data Ethics Framework 2.pptx
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulation
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?
 
ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]ABM Display Advertising Success in the World of GDPR [PPT]
ABM Display Advertising Success in the World of GDPR [PPT]
 
GDPR for WordPress - Impacts & Solutions
GDPR for WordPress - Impacts & SolutionsGDPR for WordPress - Impacts & Solutions
GDPR for WordPress - Impacts & Solutions
 

Recently uploaded

Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxolyaivanovalion
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfSocial Samosa
 
CebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxCebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxolyaivanovalion
 
Brighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingBrighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingNeil Barnes
 
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz1
 
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083
 
Customer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptxCustomer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptxEmmanuel Dauda
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAroojKhan71
 
Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxolyaivanovalion
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptxAnupama Kate
 
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一ffjhghh
 
B2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxB2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxStephen266013
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptSonatrach
 
Unveiling Insights: The Role of a Data Analyst
Unveiling Insights: The Role of a Data AnalystUnveiling Insights: The Role of a Data Analyst
Unveiling Insights: The Role of a Data AnalystSamantha Rae Coolbeth
 
Introduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxIntroduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxfirstjob4
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfMarinCaroMartnezBerg
 
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /WhatsappsBeautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsappssapnasaifi408
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfRachmat Ramadhan H
 
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiLow Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiSuhani Kapoor
 

Recently uploaded (20)

Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFx
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
 
CebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxCebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptx
 
Brighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingBrighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data Storytelling
 
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
(PARI) Call Girls Wanowrie ( 7001035870 ) HI-Fi Pune Escorts Service
 
Invezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signalsInvezz.com - Grow your wealth with trading signals
Invezz.com - Grow your wealth with trading signals
 
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip CallDelhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
Delhi Call Girls Punjabi Bagh 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call
 
Customer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptxCustomer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptx
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
 
Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptx
 
100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx100-Concepts-of-AI by Anupama Kate .pptx
100-Concepts-of-AI by Anupama Kate .pptx
 
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
定制英国白金汉大学毕业证(UCB毕业证书) 成绩单原版一比一
 
B2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docxB2 Creative Industry Response Evaluation.docx
B2 Creative Industry Response Evaluation.docx
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
 
Unveiling Insights: The Role of a Data Analyst
Unveiling Insights: The Role of a Data AnalystUnveiling Insights: The Role of a Data Analyst
Unveiling Insights: The Role of a Data Analyst
 
Introduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptxIntroduction-to-Machine-Learning (1).pptx
Introduction-to-Machine-Learning (1).pptx
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdf
 
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /WhatsappsBeautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
 
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdfMarket Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
Market Analysis in the 5 Largest Economic Countries in Southeast Asia.pdf
 
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service BhilaiLow Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
Low Rate Call Girls Bhilai Anika 8250192130 Independent Escort Service Bhilai
 

Privacy by Design

  • 1. Privacy by design From legal requirements to IT solutions
  • 2. The Beginning Source: Wikipedia "The Right to Privacy,” 1890, Samuel Warren & Louis Brandeis, 4 Harvard Law Review 193
  • 3. Security versus privacy Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and/or valuable asset, such as a person, dwelling, community, item, nation, or organization. Privacy is the ability of an individual or group to seclude themselves, or information about themselves, and thereby express themselves selectively. Source: Wikipedia
  • 5. The importance of privacy Privacy helps individuals maintain their autonomy and individuality. Privacy is essential in freedom of speech. Privacy protects individuals and groups of individuals
  • 7. Main points from GDPR which affect IT • Extended consumer rights • Right to know • Right to access • Proportional data • New consumer rights • Right to move • Right to be forgotten • Opt-in instead of opt-out
  • 8. Right to know • Consumers have the right to know what personal data are stored, and what it is used for • This impacts both data storage and data processing
  • 9. Right to access • Consumers have the right to obtain a copy of their personal data, as it is maintained on the servers. • This impacts the master data storage, but may also impact log files, reporting, and any secondary data usage
  • 10. Proportional data • Consumers have the right that their personal data is used proportionally. The service provider may not use personal data which is not needed for the specific use case • This impacts the data processing by the service provider. What data can be used depends on the use case.
  • 11. Right to move • Consumers have the right to move their profile information from one service provider to another • This implies a profile export and import functionality should exist
  • 12. Right to be forgotten • Consumers have the right to have all their profile and personal data removed from the service provider’s servers. • This impacts the master data storage, but potentially a lot more, such as log files, backups, etc.
  • 13. Opt-in instead of opt-out • Consumers must explicitly give permission to the service provider to use their personal data • Consumers must be informed by the service provider about which data is used and what for • This impacts master data storage, as service providers must explicitly store the opt-in information, and the data processing must explicitly handle it
  • 14. • Extended consumer rights • Right to know • Right to access • Proportional data • New consumer rights • Right to move • Right to be forgotten • Opt-in instead of opt-out Towards GDPR implementation microservices application code & data model
  • 15. Common use cases impacted by GDPR • Storage • Customer view & profiling • Searching • Linking • Profiling • recommendation
  • 16. Data storage • Personal data in any form must be • removable, so each property must be optional and cannot be a primary key • must be importable and exportable • Opt-ins must be maintained within their context and stored with the personal data • These requirements have a direct impact on the data model • Legacy models usually do not take care of these requirements • Models may need to be modified • This often impacts business logic and even user interfaces
  • 17. Customer view & profiling • A 360 customer view is highly desired by many companies • But what data can be used depends on the use case and what the customer has opted-in for • This has a direct impact on the data processing
  • 18. Searching • When searching for a person, what criteria do you use? • This depends on the business context • E.g., a helpdesk clerk on the phone may need to check the caller’s identity first. What identifies this person and how is it linked to the stored data? • Names are not unique, but the unique government-issued personal number may often not be stored
  • 19. Linking • Linking of personal data is what brings the real power • Merging data from multiple sources requires linking • An opt-in for a newsletter links a person’s e-mail address to a newsletter • Opt-ins can be turned into opt-outs and vice versa, and the linking must be robust to this • Through linking, personal data can be approached from different angles
  • 20. Methodology: LINDDUN • Linkability • Identifiability • Non-repudiation • Detectability • Disclosure of Information • Unawareness • Non-compliance http://linddun.org
  • 21. LINDDUN in a nutshell © http://linddun.org