concept#Data#Security#Governance

Privacy

Core principles and measures for protecting personal data that guide technical and organizational decisions.

Privacy describes principles and measures to protect personal data and preserve confidentiality, integrity, and availability.

Maturity

Established

Cognitive loadMedium

Classification

ComplexityMedium
Impact areaOrganizational
Decision typeArchitectural
Organizational maturityAdvanced

Technical context

Integrations

Identity and access management systemsLogging and audit infrastructureData classification and DLP solutions

Principles & goals

Principles

Data minimization: collect only what is necessary.Purpose limitation: define and document processing purposes.Privacy by Design: consider privacy early in design.

Value stream stage

Build

Organizational level

Enterprise, Domain, Team

Use cases & scenarios

Use cases

Scenarios

Compromises

Risks

Incomplete data inventory leads to compliance breaches.
Missing or poor consent processes can trigger fines.
Overly restrictive measures can impair analytics and product features.

Best practices

Apply Privacy by Design and Privacy by Default.
Introduce automated deletion and retention processes.
Perform regular Data Protection Impact Assessments.

I/O & resources

Inputs

Data inventories and processing records
Legal requirements and policies
Technical architecture and data flows

Outputs

Privacy policy, DPIAs and technical migration plans
Configuration and implementation requirements
Audit reports and evidence documentation

Resources

Description

Privacy describes principles and measures to protect personal data and preserve confidentiality, integrity, and availability. Concepts such as data minimization, purpose limitation, pseudonymization, and Privacy by Design guide technical and organizational decisions. It affects system architecture, processes, compliance, and user interactions.

✔Benefits

Reduced legal risk and compliance assurance.
Higher user trust through transparency and control.
Better data quality through targeted collection and storage.

✖Limitations

Technical limitations for retroactive anonymization.
Additional development effort and operational costs.
Legal uncertainties for cross-border data transfers.

Trade-offs

Metrics

Number of reported privacy incidents
Measure incidents per period to assess risk level.
Time to fulfill a data access request
Average time from request to delivery of data to requester.
Share of minimized / pseudonymized datasets
Percentage of sensitive data that is minimized or pseudonymized.

Examples & implementations

GDPR compliance in an EU product

Implementation of data minimization, rights management and processing register to meet regulatory requirements.

Privacy by Design for mobile apps

Architecture opts for local storage, limited telemetry and opt-in for analytics.

Pseudonymization in analytics pipelines

Identifiers are replaced before aggregation and access to raw data is restricted.

Implementation steps

Create and prioritize a data inventory.

Integrate privacy requirements into architecture and design.

Implement technical measures (pseudonymization, encryption).

Establish processes for access, deletion and monitoring.

⚠️ Technical debt & bottlenecks

Technical debt

Legacy systems without deletion mechanisms and missing metadata.
Ad-hoc workarounds for consent management instead of stable solutions.
Missing automated tests for privacy features.

Known bottlenecks

Incomplete data inventoriesLegacy systems with undocumented data flowsLack of automation for deletion and access processes

Misuse examples

Insufficient anonymization leads to re-identification.
Missing access logging prevents traceability.
Consents are hard to find and presented unclearly.

Typical traps

Focusing only on legal requirements and neglecting technical implementation.
Planning one-off measures without long-term governance.
Complex pseudonymization without recoverability for legitimate purposes.

Required skills

Basics of data protection law (e.g. GDPR)Privacy engineering and secure architecture patternsData modelling and data flow analysis

Architectural drivers

Privacy requirements from regulatory frameworks (e.g. GDPR).Minimizing attack surface by reducing data.Transparency and traceability for audits and requests.

Constraints

• Legal requirements vary by region and change over time.
• Third-party technical dependencies may impose constraints.
• Performance requirements must not be unreasonably impaired by privacy measures.