Explore a comprehensive conference talk on embedding GDPR requirements into the Secure Development Lifecycle (SDLC). Learn how to map GDPR principles to software security activities, including involving the Data Protection Officer in governance, providing privacy awareness training to developers, and incorporating privacy considerations into secure coding guidelines. Discover techniques for conducting Privacy Impact Analysis as part of risk assessment, translating GDPR into software security requirements, and applying privacy by design in software architecture. Gain insights on integrating privacy threats into threat modeling, implementing privacy security checklists in testing, and adapting vulnerability and incident management processes to meet GDPR-specific breach notification requirements. Benefit from practical implementation aspects and real-life use case demonstrations from software security and privacy projects.
Embedding GDPR Into the Secure Development Lifecycle
Overview
Syllabus
Intro
Agenda
GDPR
What is personal data
GDPR principles
Confidentiality
Software Development Lifecycle
Secure Development Lifecycle
Strategy Metrics
Policy in Compliance
Education and Guidance
Data Privacy Impact Assessment
Security Requirements
Security Architecture
Design Review
Implementation Review
Dynamic Testing
Data Breach Reporting
Environment Hardening
Operational Enablement
Customer Example
What We Like
Advantages
Community
Next steps
Questions
Contact
Taught by
OWASP Foundation
