Secure Personal Information in a Strategic and User-Friendly Way

  • TYPE: Combined Session DATE: Tuesday, October 30, 2018 TIME: 13:30-14:30 LOCATION: Salon A & B

Privacy By Design in Practice

 Privacy has become a global concern, with regulations such as GDPR coming into effect. In this context, e-commerce businesses that operate globally cannot simply adopt data protection regulations of a single country/region. Supporting each and every regulation as they emerge is challenging and greatly increases the maintenance cost. Furthermore, these kinds of regular modifications can lead to poor customer experiences.
Leveraging well-known privacy by design principles into your system design strategy is a long-term and sustainable solution for most of these privacy challenges. Once these principles are adopted, it is possible to achieve each individual privacy regulation compliance easily with minimum time and effort. This talk introduces a number of well-known privacy by design principles and explores how they implemented in real-world scenarios. This talk also highlights the benefits of each of these principles with potential implications. 

In the context of a high-level system architecture, separating personal and security data from other business and operational data is one of the core principles. The responsibility of managing personal and security data can be delegated to a specific module or dedicated IAM solution, as other components request for personal data in an on-demand and transient manner - usually through standard security tokens such as OpenID Connect, SAML or JWT token. 

Once personal and security data are isolated from other systems, it is possible to apply set of security and privacy best practices. These include data minimization when capturing and storing data, data anonymization when storing, pseudonymization during strong, the use of a system-generated ID during data sharing, encryption before storing, and storing hashes instead of the original value. 

Design and provide a user-centric experience are also key design principles. For example, all data processing activities have to be transparent for users and they need to be informed of these activities. Usually, these activities require clear and active consent from users. Systems should facilitate to review and revoke previously given consent. Systems should also provide means to modify or remove user profiles by themselves. The adoption of strong and adaptive authentication mechanisms, use of up-to-date cryptographic algorithms, and libraries also help to improve the end-to-end security of the system.

Key takeaways:

- Why you should invest and focus more on Privacy By Design (PbD) than individual privacy standards 
- Assess the impact of each PbD principle
- Learn proven industry level best practices to embody PbD principles into your system design

Watch videos:  
Log in to download presentations:  


Sagara Gunathunga is a Director at WSO2 and part of the team that spearheads WSO2’s architecture efforts related to Identity and Access Management (IAM). Sagara has spoken on GDPR and privacy at workshops across the EU and WSO2Con in Europe, USA, and Asia. He will also deliver a...


Session Links

Privacy By Design in Practice

The End of the Password – How to Really Protect Digital Identity

Amsterdam, Netherlands


Consumer Identity World EUROPE 2018

Registration fee:
€1200.00 $1500.00 S$1920.00 13200.00 kr
Mastercard Visa American Express PayPal
Contact person:

Ms. Lauren Zuber
+49 211 23707725
  • Oct 29 - 31, 2018 Amsterdam, Netherlands