Maybe you have noticed it. Privacy is an issue. A bit strange since there are only 17 days left until the new EU General Data Protection Regulation (GDPR) will become fully enforceable throughout the European Union.
So before end of May 2018 all organizations that process data of EU citizens must comply with this General Data Protection Regulation. To be compliant with the GDPR you must apply to article 25 “Data protection by design and by default“. Also known as ‘Privacy by design‘. But applying this approach can be complex and time consuming. But as with all challenges within security and privacy good design rules have been developed.
Reusable solutions for applying ‘Privacy-by-design’ in your architecture and implementation activities can increase the speed of creating and improve the quality of your IT solution. However many documents that have a title ‘Privacy-by-design’ and claim to help you with this architecture challenge do little more than giving a summary of all the GDPR rules and principles that must be taken into account. So these kind of documents give you little help when you are looking a way for speeding up your ‘Privacy-by-design’ challenge.
A nice and proven way to speed up business IT design challenges is to use design patterns. So the use of privacy patterns can speed up the creation of your privacy architecture when you make use of good quality patterns. Privacy patterns can be regarded as partial solutions to common privacy problems. So when you are facing privacy design challenges a good way is to find a number of good small solutions and glue these together.
A very good and rich collection of privacy design patterns can be found on: https://privacypatterns.org/patterns/ E.g. you can find here privacy design patterns for:
- Use of dummies
- Data Breach Notification Pattern
- Layered Policy Design
- Strip Invisible Metadata and many more!
All these patterns developed as mini ‘design solutions’ to common privacy problems. Using these privacy patterns is an easy and practical way to solve ‘privacy-by-design’ challenges within small and large organizations. Adding new privacy patterns to this collection is open for all, since this ‘Privacy Patterns’ project is an open project. Check https://github.com/privacypatterns if you want to contribute.
This blog post will be added (after rewrite) as an extension on the ‘Open Reference Architecture for Security and Privacy‘. We are working on an renewed version. Please join us!