Secure Computing and Hands-on Privacy By Design - Nikolai Norman Andersen - NDC Oslo 2024
Explore practical privacy-by-design implementation with encryption, secure computing, and data minimization. Learn GDPR compliance and tools for protecting personal data.
- Privacy by design requires considering data protection from the start of system design, not as an afterthought
- Personal data has a broad definition under GDPR - includes direct and indirect identifiers like IP addresses, device IDs, and any data that can identify individuals
- Anonymization is permanent and irreversible removal of identifying information, while pseudonymization allows data to be restored with additional information
- International data transfers, especially to the US, require adequate protection measures like standard contractual clauses or adequacy decisions
- Encryption alone does not make data non-personal - encrypted personal data is still considered personal data under GDPR
- Client-side encryption and secure enclaves can help protect data by processing it in secure environments before it reaches servers
- Managed identities in cloud platforms provide secure ways to handle authentication without exposing secrets
- Data minimization is key - collect and expose only the minimum necessary personal data for the specific purpose
- Statistical data needs careful aggregation and suppression techniques to prevent re-identification of individuals
- Tools like SOPS can help manage encrypted secrets in source control while maintaining security
- Organizations are responsible for ensuring their data processors and third parties handle data with adequate protection
- Privacy considerations must cover both customer and employee personal data with equal protection levels
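
The point above about aggregating and suppressing statistical data, as an added example that is not code from the talk: it counts records per group, withholds small cells, and also withholds a second cell when a single hidden value could be recovered by subtracting from the published total. The threshold of 5, the function names and the sample records are assumptions made for illustration.

```python
from collections import Counter

SUPPRESSED = None   # marker for a withheld cell
THRESHOLD = 5       # assumed minimum publishable count; set per your policy

def aggregate(records, key):
    """Count records per value of `key`; only counts leave this function."""
    return Counter(r[key] for r in records)

def suppress(counts, threshold=THRESHOLD):
    """Return (published_cells, published_total) for a one-dimensional table.

    Primary suppression: withhold every cell with 0 < count < threshold.
    Complementary suppression: a single withheld cell equals the total minus
    the visible cells, so withhold the smallest visible cell as well. If no
    visible cell is left, the total itself gives the value away and is withheld.
    """
    total = sum(counts.values())
    published = {k: (SUPPRESSED if 0 < v < threshold else v)
                 for k, v in counts.items()}
    hidden = [k for k, v in published.items() if v is SUPPRESSED]
    if len(hidden) == 1:
        visible = [k for k, v in published.items() if v is not SUPPRESSED]
        if visible:
            smallest = min(visible, key=lambda k: (counts[k], str(k)))
            published[smallest] = SUPPRESSED
        else:
            total = SUPPRESSED
    return published, total

# Constructed sample records (not real data): one row per person.
SAMPLE = ([{"city": "Oslo"}] * 12 + [{"city": "Bergen"}] * 7
          + [{"city": "Tromso"}] * 2)

if __name__ == "__main__":
    cells, total = suppress(aggregate(SAMPLE, "city"))
    for city, n in cells.items():
        print(city, "<suppressed>" if n is SUPPRESSED else n)
    print("total", total)
```

When two cells are withheld their sum can still be derived from the total, so the threshold should be chosen with that residual disclosure in mind.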