
Integrating Privacy by Design: GDPR’s Holy Grail?

20th February 2018
Privacy by Design by Default

When developing a new service or technology, companies handling personal data must take many constraints into account in order to achieve their defined goals. With the implementation of the General Data Protection Regulation (GDPR), new problems are now arising for these companies. Among them is “Privacy by Design”. This concept was formalized in the 1990s by Ann Cavoukian, Data Protection Officer of the State of Ontario in Canada. Privacy by Design emphasizes the importance of privacy and personal data protection when designing a technology, website or application. Experts believe that these issues must be addressed at the design stage in order to guarantee the right to data protection. At present, however, data protection is taken into account late, at a point when changes are likely to generate significant costs.

“The protection of privacy from the design stage aims to act proactively and preventively, before a new technology, because it facilitates the processing of personal data, leads to many data breaches,” says Jean Christophe Schwaab, Vaud National Councilor. This concept is thus naturally in line with the General Data Protection Regulation and must be taken into account when implementing it. While some GDPR articles raise questions, Privacy by Design allows companies to anticipate problems and offer full protection. It allows data to be managed regardless of the operations carried out, as specified in Article 32 on the security of processing operations: data must be protected from collection to deletion.

In September 2017, Equifax, one of the three largest U.S. credit rating agencies, admitted that the personal data of 143 million people, 44% of Americans, had been stolen, simply because it had not applied an update to an Apache development tool whose security flaw was known and for which a patch was available. This example perfectly illustrates the problem facing companies that have not taken this concept into account: protecting the infrastructure and securing it with appropriate procedures and constant monitoring. It should be noted that once the technical or business solution has been launched, it is not too late to integrate data protection. With the coming entry into force of the GDPR, the obligation to secure data will be much more clearly defined and will require an operator that is the victim of a data breach to inform the supervisory authorities, or even the persons whose data have been affected. Training the people who design and implement a new technology or service (developers, engineers, marketers) therefore becomes essential. If necessary, redesigning technologies, processes and processing operations with the help of specialists will also contribute to GDPR compliance.

Companies that handle personal data and do not comply with the GDPR risk serious consequences. A company that does not comply with the new data protection regulation is subject to administrative sanctions. Failure to respect data protection or unauthorized use of personal data constitutes a data breach punishable by a substantial fine. Furthermore, using personal data without the consent of users presents a reputational risk that can lead to loss of value or even loss of customers. At AdbA, we support you in the design (and reconfiguration) of applications by integrating “Privacy by Design”. Our best experts are constantly trained on these issues so that you can process your personal data safely and in compliance with the GDPR. We also train your teams.