Author:

Abstract:

Developers want ‘specs’. The DPO required privacy / data protection by design (PbD) like article 25 GDPR. The project manager only manages the project. The product / process manager has no clue how to translate “article 25 GDPR” to his product or process. Bloody hell, what a mess. And we are not even taking into account that parts of this project are outsourced. Yes, implementing PbD is not easy. It is hardly defined, so getting there requires work, or more correct collaboration. If everybody says “not my job” you end up with a disaster, a Frankenstein’s monster at best. Thinking PbD from the beginning gets you off to a good start. But then there is the matter of making PbD tangible, specific, so the business and/or IT can document it, implement it, and control it. Not an easy feat. KULeuven’s Pierre Dewitte (@PiDewitte) has been working on that issue with colleagues. They have come up with the PRiSE meta model which might help bring the people in your organisation together around the notion of PbD.