Start safeguarding personal information of your users at the earliest beginning in a project and make it default.
In this talk I will go over the concepts of privacy by design and default where I will go deeper into the why and how of safeguarding your user's personal information.
3. GDPR
WHAT WAS GDPR AGAIN?
Regulate the privacy of EU data subjects
Sanction organisations in violation of GDPR
Offer a privacy framework for businesses
17. DEFAULT OFF, GRANULAR ON
When using a feature that has a potential of collecting
personal information, start with it in the “off” state and let
users turn it on if they want to make use of this feature.
18. STRIP INVISIBLE METADATA
Provide a functionality that removes invisible metadata from
an item that has been provided on your platform (e.g. EXIF
data in photos, document history, IP addresses).
19. PERSONAL DATA CONFINEMENT
When collecting personal information, ensure that business
and personal data are kept separate (e.g. on device), without
the ability to link both data sources.
20. PERSONAL DATA STORE
When using personal devices (e.g. mobile device, personal
computer), you can use on-device storage for setting
personalised con
fi
gurations and preferences.
21. PRIVACY DASHBOARD
Provide a self-serviced, privacy dashboard where users can
request access to their personal information for review,
modify, remove, and transfer their data.
22. PRIVACY KILLSWITCH
Provide a mechanism that would remove, disconnect or
anonymise all personal information at the press of a single
button.
27. IT’S UP TO THE DEVELOPERS!
Learn about (web application) security
Learn about encryption types & techniques
Add more telemetry in your applications
30. THINGS DEVS CAN DO
Ask bare minimum
Reduce retention time
Remove from UI
Apply ACL/RBAC
Add DLP* solutions
Anonymise data
Encrypt data
Point out violations
(*) DLP: Data Leak Prevention
37. SUMMARY
GDPR is here to stay
Personal information protection goes global
We all have a responsibility to protect data
38. REFERENCES
Privacy Design Patterns Eight Privacy Design Patterns
ENISA Privacy By Design
Article 25 GDPR ICO Data protection
Data protection in the EU