3. Security versus privacy
Security is the degree of resistance to, or protection
from, harm. It applies to any vulnerable and/or
valuable asset, such as a person, dwelling,
community, item, nation, or organization.
Privacy is the ability of an individual or group to
seclude themselves, or information about
themselves, and thereby express themselves
selectively.
Source: Wikipedia
5. The importance of privacy
Privacy helps individuals maintain their
autonomy and individuality.
Privacy is essential in freedom of speech.
Privacy protects individuals and groups of
individuals.
7. Main points from GDPR which affect IT
• Extended consumer rights
  • Right to know
  • Right to access
  • Proportional data
• New consumer rights
  • Right to move
  • Right to be forgotten
  • Opt-in instead of opt-out
8. Right to know
• Consumers have the right to know
which personal data is stored and
what it is used for
• This impacts both data storage and
data processing
9. Right to access
• Consumers have the right to obtain a copy
of their personal data, as it is maintained on
the servers.
• This impacts the master data storage, but
may also impact log files, reporting, and any
secondary data usage
10. Proportional data
• Consumers have the right to have their
personal data used proportionally.
The service provider may not use
personal data which is not needed for
the specific use case
• This impacts the data processing by
the service provider. What data can be
used depends on the use case.
11. Right to move
• Consumers have the right to move
their profile information from one
service provider to another
• This implies a profile export and
import functionality should exist
12. Right to be forgotten
• Consumers have the right to have all their profile and personal data removed from
the service provider’s servers.
• This impacts the master data storage, but potentially a lot more, such as log files,
backups, etc.
13. Opt-in instead of opt-out
• Consumers must explicitly give permission to the
service provider to use their personal data
• Consumers must be informed by the service
provider about which data is used and what for
• This impacts master data storage, as service
providers must explicitly store the opt-in
information, and the data processing must
explicitly handle it
14. Towards GDPR implementation: microservices, application code & data model
15. Common use cases impacted by GDPR
• Storage
• Customer view & profiling
• Searching
• Linking
• Profiling
• Recommendation
16. Data storage
• Personal data in any form must be
  • removable, so each property must be optional and cannot be a primary key
  • importable and exportable
• Opt-ins must be maintained within their context and stored with the personal data
• These requirements have a direct impact on the data model
  • Legacy models usually do not take care of these requirements
  • Models may need to be modified
  • This often impacts business logic and even user interfaces
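An added worked example (not from the slides) of a data model that follows the storage rules above and the rights from slides 9 to 13: a surrogate key, nullable personal columns, opt-ins stored with their purpose, and functions for export (right to access / right to move), erasure (right to be forgotten) and a purpose-bound query (proportional data). The schema, column names and the 'newsletter' purpose are constructed for the illustration.

```python
import json
import sqlite3

# Constructed schema (added illustration, not from the slides): a surrogate key
# identifies the customer, personal columns are nullable, opt-ins carry their purpose.
SCHEMA = """
CREATE TABLE customer (
    customer_id INTEGER PRIMARY KEY,  -- surrogate key, never personal data
    email       TEXT,                 -- nullable: erasable, never a key
    full_name   TEXT                  -- nullable: erasable, never a key
);
CREATE TABLE opt_in (
    customer_id INTEGER NOT NULL REFERENCES customer(customer_id),
    purpose     TEXT    NOT NULL,     -- the context, e.g. 'newsletter'
    granted     INTEGER NOT NULL,     -- 1 = opt-in, 0 = opt-out; may flip
    PRIMARY KEY (customer_id, purpose)
);
"""
PERSONAL_COLUMNS = ("email", "full_name")

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn
def add_customer(conn, email, full_name):
    sql = "INSERT INTO customer (email, full_name) VALUES (?, ?)"
    return conn.execute(sql, (email, full_name)).lastrowid
def set_opt_in(conn, customer_id, purpose, granted):
    sql = "INSERT OR REPLACE INTO opt_in VALUES (?, ?, ?)"
    conn.execute(sql, (customer_id, purpose, int(granted)))

def export_profile(conn, customer_id):
    """Right to access / right to move: portable copy of all data held on the person."""
    cols = ", ".join(PERSONAL_COLUMNS)
    row = conn.execute(f"SELECT {cols} FROM customer WHERE customer_id=?", (customer_id,)).fetchone()
    opts = conn.execute("SELECT purpose, granted FROM opt_in WHERE customer_id=?", (customer_id,))
    return json.dumps({"profile": dict(zip(PERSONAL_COLUMNS, row)),
                       "opt_ins": {p: bool(g) for p, g in opts}}, sort_keys=True)

def erase_profile(conn, customer_id):
    """Right to be forgotten: null every personal column and drop the opt-ins; the
    surrogate row survives so foreign keys stay valid but identify nobody."""
    sets = ", ".join(f"{c}=NULL" for c in PERSONAL_COLUMNS)
    conn.execute(f"UPDATE customer SET {sets} WHERE customer_id=?", (customer_id,))
    conn.execute("DELETE FROM opt_in WHERE customer_id=?", (customer_id,))

def newsletter_recipients(conn):
    """Proportional use: only addresses whose owner currently opted in for this purpose."""
    rows = conn.execute("SELECT c.email FROM customer c JOIN opt_in o USING (customer_id) "
                        "WHERE o.purpose='newsletter' AND o.granted=1 AND c.email IS NOT NULL")
    return [r[0] for r in rows]
```

Log files, backups and reporting copies (slide 12) are outside this model and need their own erasure path.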
17. Customer view & profiling
• A 360 customer view is highly desired by many companies
• But what data can be used depends on the use case and what the
customer has opted-in for
• This has a direct impact on the data processing
18. Searching
• When searching for a person, what criteria do you use?
• This depends on the business context
• E.g., a helpdesk clerk on the phone may need to check the
caller’s identity first. What identifies this person and how is it linked
to the stored data?
• Names are not unique, but the unique government-issued
personal number may often not be stored
19. Linking
• Linking of personal data is what brings the real power
• Merging data from multiple sources requires linking
• An opt-in for a newsletter links a person’s e-mail address to a
newsletter
• Opt-ins can be turned into opt-outs and vice versa, and the linking
must be robust to this
• Through linking, personal data can be approached from different
angles
20. Methodology: LINDDUN
• Linkability
• Identifiability
• Non-repudiation
• Detectability
• Disclosure of Information
• Unawareness
• Non-compliance
http://linddun.org