Privacy by Design applied in Practice and the Consequences for System Developers

Abstract: Providing privacy for users is an important matter, data is processed to an increasing extent including sensitive personal information. It is a liability for organizations to take responsibility for the privacy of their users. Organizations are required by law to handle personal information in accordance to General Data Protection Regulation (GDPR). But there is a gap between the legal requirements and the technical solutions. The framework Privacy by Design (PbD) presents guidelines to include privacy in a system but lacks concrete implementations. This paper investigates how PbD can be applied to a system and how it impacts the system development. The study adopts the approach of Colesky, Hoepman and Hillen to apply Privacy by Design in Practice. This was used to develop a system model with consideration of the privacy of users as well as functional requirements and the needs of system developers. The evaluation showed a positive attitude among system developers towards the proposed system model implementing PbD. The system developers estimated that the proposed system model would introduce a slight decrease in productivity but believed the positive aspects of applying privacy would outweigh the disadvantages.