Organisations are preparing for the General Data Protection Regulation (GDPR), the latest European privacy law. Since organisations are already struggling to become compliant with security standards such as ISO 27001/27002, NEN 7510 or the Dutch baselines BIR, BIG and BIWA, putting the right measures in place for the GDPR is even harder.
In this presentation we start with the relationship between privacy and security, and why shifting left in the development lifecycle (Privacy by Design) matters even more for privacy than it does for security. Then we discuss a number of articles from the GDPR and translate them into concrete privacy requirements. This demonstrates why privacy and security requirements must be in place before you start building or changing a system, not after.
Besides the requirements, we also cover the GDPR articles that are actually beneficial for organisations, and we end with some generic user and abuser stories that are relevant for most applications.
Edward van Deursen bought his first computer in the 80s, a Commodore 64. That is where his passion for computers began. In the late 80s he started his career as a COBOL programmer on mainframes and mini systems. Later he developed software in C/C++ for PCs. In 2006 he moved to QA, in roles such as tester, test manager and QA manager. In these roles he discovered that most product owners focus on functionality rather than on performance and security, so Edward started a security test team within the organisations he worked for. Edward currently holds the roles of CISO and DPO at the Raad van State (Council of State of the Netherlands), where he coaches Scrum teams to get more and better security and privacy requirements, and awareness, in place. Edward van Deursen is a Certified Ethical Hacker and a Certified Information Privacy Manager.