Summary

Since the AVG came into force in 2018, data protection by design is a legal obligation. The concept is often associated with Privacy Enhancing Technologies (PETs). However, the obligation also extends to various technological and organisational elements intended to implement data protection principles. Putting these principles into practice means not only integrating them into the design of processing, but also selecting, implementing, configuring and maintaining the appropriate technological measures and techniques.

The report therefore provides an analysis of the potential strengths of different techniques in different areas, including anonymisation, data masking, privacy preserving computations, storage, transparency and user control tools. Furthermore, the study aims to help determine and assess the most relevant techniques, depending on each processing activity while also taking into account the needs of the data controller. This is done by indicating the strengths and possible limitations of each technique.

It discusses traditional security techniques such as access control and privacy preserving storage, as well as new concepts such as synthetic data, which offer new opportunities and challenges.

Finally, the report emphasises the importance of policy guidelines, the ability to demonstrate compliance and provide assurance to end users.