ENISA - Data Protection Engineering: From Theory to Practice
On the occasion of Data Protection Day, ENISA published a new report on data protection by design techniques. It aims to support experts and organisations and assist them in the practical implementation of the technical aspects of data protection by design and by default.
What: Rapport
Impactscore: 4 - study
For who: data protection experts, companies, sector organisations
URL: https://www.enisa.europa.eu/publications/data-protection-engineering
Summary
Since the AVG came into force in 2018, data protection by design is a legal obligation. The concept is often associated with Privacy Enhancing Technologies (PETs). However, the obligation also extends to various technological and organisational elements intended to implement data protection principles. Putting these principles into practice means not only integrating them into the design of processing, but also selecting, implementing, configuring and maintaining the appropriate technological measures and techniques.The report therefore provides an analysis of the potential strengths of different techniques in different areas, including anonymisation, data masking, privacy preserving computations, storage, transparency and user control tools. Furthermore, the study aims to help determine and assess the most relevant techniques, depending on each processing activity while also taking into account the needs of the data controller. This is done by indicating the strengths and possible limitations of each technique.
It discusses traditional security techniques such as access control and privacy preserving storage, as well as new concepts such as synthetic data, which offer new opportunities and challenges.
Finally, the report emphasises the importance of policy guidelines, the ability to demonstrate compliance and provide assurance to end users.