Privacy by Design & Privacy by Default

The General Data Protection Regulation and Privacy Technology

The General Data Protection Regulation GDPR applies from 25 May 2018. The concepts of data protection by design and by default are a legal obligation for the first time. Data controllers are obliged to ensure privacy throughout the whole design process of services, products, or systems. Furthermore, they are obliged to carry out a data protection impact assessment if there is a high risk to the rights and freedoms of the data subject. But how do you do it? Which processing requires a data protection impact assessment and how is an impact assessment carried out?

We offer a compact one-day training course on Privacy by Design & Default for preparing you with essential knowledge for conforming to the GDPR.

  • Workshop at Fraunhofer SIT, Rheinstrasse 75, 64295 Darmstadt – price on request
  • The event takes place for at least 10 participants
  • Inhouse Workshop – price on request (
  • Duration: 1 day

Dates in 2018

  • November 15


The Concepts of Privacy by Design and Privacy by Default

We will show privacy risks like unintentional privacy violations, intentional privacy violations, and privacy-violating side effects of desired services. For all of these types we will give examples of past incidents. For a clear understanding, we show how the notions of privacy, data protection and informational self-determination have evolved. At the end of this session, we visualize three aspects of technology of privacy by design.

Participants will be able to…

  • …differentiate between data privacy and data confidentiality
  • …get to know the characteristics of privacy by design and privacy by default

The General Data Protection Regulation (GDPR)

With the GDPR, the concept of data protection by design and by default is a legal obligation for the first time. This workshop gives you an overview about the most important changes with the GDPR and in particular of the legal requirements of data protection by design and default and the data protection impact assessment.


  • …will be able to understand what these legal obligations really mean for their organization
  • …will receive recommendations on technical and organisational tools useful for compliance with these legal requirements

Privacy Impact Assessment – how to?

The data protection impact assessment (DPIA) is a key element of the privacy by design process of the General Data Protection Regulation. We will give you suggestions so you can find out by yourself in which cases a DPIA is required and when it is not. We sketch a DPIA on a real sample technology. We will show you in which aspects the regulation allows flexibility and scalability.

You will…

  • …get to know a concrete set of processing operations which are subject to a DPIA and who should carry out a DPIA
  • …know the major steps how to carry out a DPIA.

Privacy Technologies

Starting from protection goals for privacy, we address various methods and technologies for protecting privacy. This talk handles privacy protection both from an enterprise perspective and from a user perspective.

You will …

  • … get specific recommendations for a system design based on the privacy-by-design principles.
  • … know several basic and advanced technologies for privacy protection.

Anonymization Concepts

Anonymization provides an opportunity for using personal data beyond its initial purpose – and gaining valuable insights – without violating data protection principles. However, anonymization must be done properly to avoid privacy infringements.

You will learn…

  • …basic concepts and pitfalls of anonymization
  • …the principle of k-anonymity
  • …more advanced strategies building on the basis of k-anonymity