This document discusses data privacy in cloud-native applications. It defines key concepts like data privacy, data security, and privacy engineering. It outlines the 7 principles of GDPR including lawfulness, fairness, transparency, and others. It notes that data privacy laws are expanding globally and becoming crucial for business as more developers build features using microservices and third parties. Engineering teams are increasingly complex and privacy teams cannot keep up with mapping data flows, documenting privacy controls, and identifying risks. The document introduces Bearer, a tool that can catalog engineering components, map personal data flows, and automatically trigger risk assessments to help privacy engineers monitor privacy risks continuously without code changes.