Privacy (by) Design

GDPR event - 30 Nov 2017

Tommy Vandepitte

http://www.legaltechdesign.com/LegalDesignToolbox/

Case 1

Participant

Case 2

Co-organiser

Master of ceremony

Arthur Christmas

Timekeeper

Arthur Christmas

Experts

Arthur Christmas

Helpers

Arthur Christmas

https://sites.google.com/site/pbd20171106

Questions / Go onTake your pick

What’s in it for you? (externally)

Qualifier

What’s in it for you? (externally)

Differentiator

What’s in it for you? (externally)

What’s in it for you? (externally)

• Decision makers

• Future users

• CIOs

• CISOs

• DPOs

• Legal

• …

What’s in it for you? (externally)

Our agreeent is in line with (article 28) GPDR Our product helps you comply with

GDPR… We thought about the principles, give a

baseline, but you can tweak We thought about data subject rights, and

have implemented like this We have a dashboard for the end

customers preference, and it works like this We have audit logs, a compliance role, …

… and I have the documentation to back it up

What’s in it for you? (internally)

� Bring people together

� Better understanding of each others’ position

� Creates awareness

� People unknowingly learn

� Tackle big problems early, small problems later…

� Overall less rework (and thus lower cost)

Challenges

� It is a time investment

� First, you have to speak the same language

� DPO must stand strong in his/her shoes

� DPO must be honest

� DPO must be willing to invest in understanding the business

� DPO needs to learn to give advice in uncertainty

� Business needs to learn that first advice may need to be adjusted due to incremental insight

�…

The Justice League

https://www.youtube.com/watch?v=ZJVvrmLSTsg

Quis custodiet ipsos custodes?

Sidedeck

Think it through

International

Legal perspective

Legal perspective

In fact… it is a tale of old

Take different perspectives

Data subject centric

in mind around the table

Bring the bunch together

A challenge

Analysis

Start with why?

Look at the general UI

Overcome the human nature

Think like an “attacker”

…but also

Multiple iterations

Lean

No (full) checklist ?

“Ethics cannot be captured in checklists.”

Legislation is vague (on purpose).

Parties are not “out” on the matter yet.

No checklist can ever be “exhaustive”.

Academic frameworks

Academic frameworks

Academic frameworks

Where the rubber hits the road

Open innovation

Co-creation

Vodafone / Thomson Reuters

https://www.ted.com/talks/seth_godin_this_is_broken_1

Game design

Marlous Theunissen