Implementing the concept of “privacy by design” requires a series of critical steps, says Heikki Tolvanen, chief legal engineer at PrivacyAnt, a Finland-based privacy consulting firm, who offers insights on mistakes to avoid.
“Privacy by design” refers to an approach that focuses on addressing privacy issues throughout the entire engineering process for applications or systems.
One key step, Tolvanen says in an interview with Information Security Media Group, is determining whether it’s appropriate to anonymize data to help protect it. Another important consideration is developing processes for disclosing data as required by regulations, including the EU’s General Data Protection Regulation.
“You just have to keep in mind all the different privacy requirements. For example, under GDPR, we have a lot of different requirements applying to IT systems for processes. … So when you are designing something, you must ensure that all of those are implemented in whatever you are designing,” he says.
In this interview, Tolvanen discusses:
- How to truly anonymize data;
- Whether privacy by design can be completely achieved;
- Mistakes companies are making in implementing privacy by design;
- Data privacy requirements under the EU’s GDPR.
Tolvanen is chief legal engineer at PrivacyAnt, a Finland-based privacy consulting firm. Previously, he designed, led and implemented privacy programs at some of the largest organizations in Finland.