From Privacy by Design to Data Protection by Design - The Challenges of Turning Good Practice into a Legal Obligation

Explore the challenges of implementing Data Protection by Design as a legal obligation under the GDPR in this 51-minute USENIX Security '19 conference talk. Delve into the implications for organizations processing personal data in the EU, the role of supervisory authorities, and the need for practicable criteria to assess compliance. Examine how the GDPR addresses the entire lifecycle of data processing systems and the new demands placed on privacy engineers. Consider the maturity of privacy engineering, potential gaps in existing Privacy-Enhancing Technologies (PETs), and the role of public sector procurement in advancing data protection standards. Discuss potential tools and instruments to address these challenges, including design patterns, software catalogues, toolboxes, and checklists.