Presentation for the LSEC GDPR event - 20171130
Privacy (by) Design
GDPR event - 30 Nov 2017
Tommy Vandepitte
http://www.legaltechdesign.com/LegalDesignToolbox/
Case 1
Participant
Case 2
Co-organiser
Master of ceremony
Arthur Christmas
Timekeeper
Arthur Christmas
Experts
Arthur Christmas
Helpers
Arthur Christmas
https://sites.google.com/site/pbd20171106
Questions / Go on
Take your pick
What’s in it for you? (externally)
Qualifier
What’s in it for you? (externally)
Differentiator
What’s in it for you? (externally)
• Decision makers
• Future users
• CIOs
• CISOs
• DPOs
• Legal
• …
What’s in it for you? (externally)
• Our agreement is in line with (article 28) GDPR
• Our product helps you comply with GDPR…
• We thought about the principles, give a baseline, but you can tweak
• We thought about data subject rights, and have implemented like this
• We have a dashboard for the end customer's preference, and it works like this
• We have audit logs, a compliance role, …
• … and I have the documentation to back it up
What’s in it for you? (internally)
• Bring people together
• Better understanding of each other's position
• Creates awareness
• People unknowingly learn
• Tackle big problems early, small problems later…
• Overall less rework (and thus lower cost)
Challenges
• It is a time investment
• First, you have to speak the same language
• DPO must stand strong in his/her shoes
• DPO must be honest
• DPO must be willing to invest in understanding the business
• DPO needs to learn to give advice in uncertainty
• Business needs to learn that first advice may need to be adjusted due to incremental insight
• …
The Justice League
https://www.youtube.com/watch?v=ZJVvrmLSTsg
Quis custodiet ipsos custodes?
Sidedeck
Think it through
International
Legal perspective
In fact… it is a tale of old
Take different perspectives
Data subject centric
in mind around the table
Bring the bunch together
A challenge
Analysis
Start with why?
Look at the general UI
Overcome the human nature
Think like an “attacker”
…but also
Multiple iterations
Lean
No (full) checklist ?
“Ethics cannot be captured in checklists.”
Legislation is vague (on purpose).
Parties are not “out” on the matter yet.
No checklist can ever be “exhaustive”.
Academic frameworks
Where the rubber hits the road
Open innovation
Co-creation
Vodafone / Thomson Reuters
https://www.ted.com/talks/seth_godin_this_is_broken_1
Game design
Marlous Theunissen