
Privacy by Design: Challenges Today and Technological Implications


November 2nd, 2023

This article draws insights from a recent panel discussion featuring industry experts, including Linda Thielová, Head of Privacy Center of Excellence and DPO at OneTrust, Tumi Atolagbe, Senior GDPR Specialist at Soho House & Co, and Zsombor Orbán, Privacy/IT Technology Associate Partner at PROVARIS Varga & Partners.

Drawing on the voices of two renowned experts, in GDPR (Tumi Atolagbe) and privacy (Zsombor Orbán), this article addresses questions about the challenges a data privacy professional faces today within the scope of Privacy by Design and, briefly, the implications technology has for it.

“To be a data compliance specialist is not always something rewarding. It is hard for the clients to see the added value of your services, as this is not always going back in low cost of money, so you need to point out the added value of your service, which is to be in compliance with the law.”

Zsombor Orbán

Q1: What to do in a situation in which a customer approaches you who might have Privacy by Design policies and procedures on paper, but nobody in the company is really applying them? Where the reality is very far from the paper, where to start or focus?

Compliance depends on what you actually do, not on what you have in procedures or any other compliance document. To bring reality and the paper into line, you may not need to do very much: think about data minimization (collection and processing) and achieving more purposes, usually not at a rocket-science level, then brainstorm and put that down on paper.

Q2: What would be the best approach for Privacy lawyers or people without a wide tech background in the implementation of technical tools in Privacy by Design (PbD)?

Have good clarity around your data cycle, from collection to destruction: what role does the data play on its journey through the organization? This enables you to tackle the next part of the journey, which is stakeholder mapping for this data set. Understand what the data is doing and what its ultimate purpose and goal are.

Q3: As this is evolving, is it ok for us to use the typical Privacy Impact Assessments for PbD? Or do we want to use something standalone?

Although there are good templates out there, each template reflects personal use, so the choice depends on the taste of whoever implements it. Investing time in developing and understanding your own template will let you gain efficiency and productivity. To do this, break the project down into the right stages and map the life cycle of your data. From this you will know which questions to ask and which laws sit behind them.

Q4: What is the relation among PbD, Data governance and Privacy professionals?

PbD (Privacy by Design): Start projects with privacy for security and compliance from the beginning.
Data Governance: Organize, secure, and manage data consistently, ensuring compliance and security.
Project Incorporation: Plan with privacy, avoiding later compliance issues and project interruptions.
Business Impact: Privacy lapses harm reputation and legal standing, impacting businesses negatively.

PbD is a sort of data governance, but for a particular tool, project or process, and data governance is the big system built up from small privacy designs. So although the task force and later working party say PbD is the topping on the cake, in fact PbD is what the cake is made of. If you build a project incorporating this perspective from the planning phase, you can avoid situations where you need to stop a project and identify actions that are out of compliance.

Because of the development of the legal framework, as a privacy professional you are also working in the technology environment, e.g. AI, platform data (Meta, TikTok) and other online services that you or your clients use heavily and that could have an impact on the business. For example, if it is said that a company was using a platform illegally, a client of that company could suspend or terminate its account with them.

Q5: How to implement AI with a proper PbD approach in mind?


A Productive Tool

When using AI to enhance productivity, ensure that GDPR principles are met.

Integration into Services and Offerings

Integrating AI into your services and offerings comes with additional considerations:
1. Data privacy
2. Competitive and copyright questions
3. Compliance with UK Parliament guidelines, which require you to clearly indicate that content was generated with the assistance of AI.

Q6: How much tech savvy should a DPO become to keep on top of all these technology changes?

A lot. In the same way, the system engineers, developers and system architects who create products have to be very aware of PbD. So DPOs and they have to work together from the moment of exploring the development of any innovation or business solution.


Data Protection Manager

Victoria Derumier

DPO certified & Data Protection Coordinator
