You need privacy by design, but have no idea how?
This guide explains everything you need to know about this topic!
Let’s start …
- 1 What is Privacy by Design?
- 2 9 tips for privacy by design
- 2.1 #1 Right from the start – planning
- 2.2 #2 Plan security requirements
- 2.3 #3 As little data as possible
- 2.4 #4 Display data – Required and authorised?
- 2.5 #5 Use pseudonyms
- 2.6 #6 Don’t reinvent cryptography
- 2.7 #7 Prevent indirect analyses
- 2.8 #8 Comply with the law
- 2.9 #9 Best security controls
What is Privacy by Design?
The term Privacy by Design comes from the law – the General Data Protection Regulation – and means that hardware and software are designed from the ground up to protect privacy. At many points in software implementation and hardware selection, we can make decisions that are bad or good for privacy.

It’s not just about IT security (technical and organisational measures), but also about concepts and processes. What data do I actually need? Can I avoid data?
The opposite of privacy by design is privacy as an afterthought, the icing on the cake. Example:
A company develops software according to all the customer’s wishes, installs it, and the application goes into production. After a year the customer comes round and says “we still need a pinch of privacy, we have received a few complaints.” Because the software and hardware were selected without privacy in mind, changes are very expensive, cumbersome or not possible at all.

The legislator is aware of this problem and has counteracted it with this principle (GDPR). There are no literal regulations, but convictions are realistic if this principle is wilfully disregarded or ignored.
Why should I use Privacy by Design?
- Legal: If you live and work in Europe, you should comply with the applicable law. The GDPR provides for penalties of up to 4% of the group’s annual turnover. It is often easier to be legally compliant than to go down the rocky legal road.
- Save costs: Changes in the subsequent process are always difficult and cost-intensive. The project can fail if many changes have to be made. Those who plan for privacy at the same time are in a better position.
- Maintain reputation: Data leaks can occur at any time, so it is better to have less data. No company wants to be labelled a data octopus, but companies want to retain the trust of their customers.
Are privacy and security the same thing?
Not all data is personal data: patents, recipes, sensor or weather data, for example. As a rule, this data has nothing to do with individuals and may even be freely accessible on the Internet.

Many companies want to protect their data for commercial reasons. A chocolate cake recipe that half of Germany is addicted to should be at least as well protected. If the recipe is leaked, it is not a data protection offence, but it is a financial blow for the company.
9 tips for privacy by design
#1 Right from the start – planning
The aim is to get the “privacy” stakeholder on board early on. In IT and software projects, we have a lot of stakeholders who have their own vision of the goal and end product. End users want aspect X, bosses want feature Y and the regulatory authority wants access to Z.
A Data Protection Officer can develop a data protection concept together with the programmers. This employee does not have to be actively involved in the project around the clock. The concept must be in place at the beginning and the Data Protection Officer should assess the implementation (the current status) every few weeks.
#2 Plan security requirements
Data protection officers talk about technical/organisational measures and IT specialists talk about security controls.
Think carefully about which security controls make sense and how they can be implemented cost-effectively. Even if a control appears to be far too expensive (from today’s perspective), the option should be left open. This includes real-time monitoring, for example. A 24/7 service is very expensive, but may be justified in 3 years when the software takes off.

#3 As little data as possible
There are loads of forms on the Internet that ask for a lot of rubbish. We only need the absolutely necessary data from the end users. Here are a few examples:
- Online shop: name, address, e-mail (payment via third-party provider) – but not: birthday
- Game: e-mail address, payment via third-party provider
- Club registration: name, address, sport – but not: occupation
#4 Display data – Required and authorised?
A classic example is parcel shipping.
On the parcel tracking page, the person checking the status does not need to see who sent the parcel, to whom it is going, or what it contains. Tracking links are usually publicly accessible, and anyone who guesses a code can follow that parcel. The recipient is only interested in the status, e.g. “located in the Buxtehude parcel centre”, so that is all the page should show.
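An added example (not code from the original article) that puts tips #3 and #4 into code: a strict allow-list on a checkout form so that unneeded fields such as a birthday are rejected rather than quietly stored, an internal parcel record beside the reduced view that the public tracking page is allowed to show, and a tracking code drawn from a secure random source so that it cannot be enumerated like a sequential number. The field names, the `Parcel` class and the sample values are assumptions made for the illustration.

```python
import secrets
from dataclasses import dataclass

# Fields an online shop actually needs at checkout. Payment goes through a
# third-party provider, so no card data and no birthday are collected here.
# (Assumed field set for this example.)
SHOP_FORM_ALLOWED = frozenset({"name", "address", "email"})


def validate_form(submitted: dict, allowed: frozenset = SHOP_FORM_ALLOWED) -> dict:
    """Accept exactly the allow-listed fields.

    A submission carrying extra data is rejected instead of being stored,
    and a submission missing a required field is rejected as well.
    """
    extra = set(submitted) - allowed
    if extra:
        raise ValueError(f"unneeded fields submitted: {sorted(extra)}")
    missing = allowed - set(submitted)
    if missing:
        raise ValueError(f"required fields missing: {sorted(missing)}")
    return {name: submitted[name] for name in allowed}


@dataclass
class Parcel:
    """Internal record: everything the carrier knows about a shipment."""
    tracking_code: str
    sender: str
    recipient: str
    contents: str
    status: str
    last_location: str


# The only fields the public tracking page is allowed to display.
PUBLIC_VIEW_FIELDS = ("tracking_code", "status", "last_location")


def new_tracking_code() -> str:
    """128 bits from the OS random source, URL-safe; not guessable by counting up."""
    return secrets.token_urlsafe(16)


def public_tracking_view(parcel: Parcel) -> dict:
    """Project the internal record down to what a tracking visitor needs."""
    return {name: getattr(parcel, name) for name in PUBLIC_VIEW_FIELDS}


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    order = validate_form({"name": "Anna Wolf", "address": "Hauptstr. 1, Buxtehude", "email": "anna@example.org"})
    parcel = Parcel(new_tracking_code(), "Shop GmbH", order["name"], "book", "in transit", "Buxtehude parcel centre")
    print(public_tracking_view(parcel))
```

The projection in `public_tracking_view` is deliberately an allow-list, not a block-list: when a new column such as a phone number is added to `Parcel` later, it stays hidden until somebody consciously adds it to `PUBLIC_VIEW_FIELDS`.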
#5 Use pseudonyms
Real names are nice, but rarely necessary. Pseudonyms or usernames are the better option for referencing customers.
An Anna Wolf could exist 10 times in the customer database, while Badman1001 may only appear once. Forums and social media have always used these features to allow users to express themselves more “freely” (which is good and bad :-/).
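An added example, not from the original article, of one common way to pseudonymise customer records before they leave the core system: a keyed hash (HMAC-SHA256) over a stable internal customer ID. The same ID always maps to the same pseudonym under the same key, two customers who happen to share the name “Anna Wolf” get different pseudonyms because the ID, not the name, is hashed, and without the key nobody can turn a pseudonym back into the customer or link pseudonyms across different purposes. The record layout, the `context` labels and the sample customers are assumptions for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample: two distinct customers with the same real name.
SAMPLE_CUSTOMERS = [
    {"customer_id": "C-1001", "name": "Anna Wolf", "sport": "climbing"},
    {"customer_id": "C-1002", "name": "Anna Wolf", "sport": "judo"},
    {"customer_id": "C-1003", "name": "Bernd Maier", "sport": "climbing"},
]


def pseudonymise(customer_id: str, key: bytes, context: str = "default") -> str:
    """Keyed hash of a stable internal ID.

    The key stays in the core system. The `context` string (an assumed
    convention here) gives each purpose, e.g. analytics vs. support, its own
    unlinkable set of pseudonyms even under the same key.
    """
    message = f"{context}:{customer_id}".encode("utf-8")
    digest = hmac.new(key, message, hashlib.sha256).hexdigest()
    return f"user-{digest[:16]}"


def pseudonymise_records(records: list, key: bytes, context: str = "analytics") -> list:
    """Replace the identifying columns with a pseudonym before handing the
    data set to a team that only needs to count, not to know who."""
    return [
        {"pseudonym": pseudonymise(r["customer_id"], key, context), "sport": r["sport"]}
        for r in records
    ]


if __name__ == "__main__":
    # In production the key is generated once and kept in a secret store.
    demo_key = secrets.token_bytes(32)
    for row in pseudonymise_records(SAMPLE_CUSTOMERS, demo_key):
        print(row)
```

If a pseudonym ever has to be resolved back to a person (for a lawful request, say), that happens only inside the core system that holds the key and the ID-to-pseudonym mapping; the analytics side never gets the key.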
#6 Don’t reinvent cryptography
Encryption of data at rest and in transit is a cornerstone of a good privacy concept. As a developer, you do not have to and should not reinvent the wheel; rely on tried and tested cryptographic libraries. These are well tested and kept up to date. Remember to apply their patches quickly in order to minimise the risk.
Also consider other best practices. Many frameworks use standards for user authentication and store passwords as salted hashes. In 99.99% of cases, you should not program these components yourself, but use existing ones. Many login forms are so badly built that criminals have an easy time.
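An added example (not code from the article) of the “use what already exists” rule for password storage: a home-grown unsalted fast hash shown beside password hashing built only from the Python standard library, namely PBKDF2-HMAC-SHA256 from `hashlib` with a per-password random salt and a constant-time comparison from `hmac`. The stored-string format `pbkdf2_sha256$iterations$salt$hash` is an assumed convention for this example.

```python
import base64
import hashlib
import hmac
import os

# OWASP's current order of magnitude for PBKDF2-HMAC-SHA256.
DEFAULT_ITERATIONS = 600_000


def unsalted_md5(password: str) -> str:
    """The anti-pattern: fast, unsalted, so identical passwords give identical
    hashes and precomputed tables work. Shown only for contrast."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Slow, salted hash using only the standard library.

    The salt and iteration count are stored next to the hash so that they can
    be raised later without touching the verification code.
    """
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(derived).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        algorithm, iterations, salt_b64, derived_b64 = stored.split("$")
        if algorithm != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(derived_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except ValueError:
        # Malformed record (wrong field count, bad base64, non-integer count).
        return False
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))                # False
```

Where a framework already provides a password hasher (most web frameworks do), use that one instead of even this; the point of the block is what such a component does, not a recommendation to write it yourself.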
#7 Prevent indirect analyses
Crawling is the systematic downloading of data from the Internet.
A crawler follows the links from website to website and extracts all valuable data from each page. For example, if your friends list is public, the crawler can download it, then download the friends lists of those friends, and so build up a complete social graph.
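An added example, not from the original article, of two defensive pieces against the friends-list scenario: a private-by-default visibility check for the list, and a detection routine run over constructed access-log lines that flags a client fetching many different users’ friends lists within a short window, which is the footprint a crawler leaves and a normal visitor does not. The log format, the URL pattern `/profile/<user>/friends`, the thresholds and the client addresses (from documentation ranges) are assumptions for this illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access log: timestamp, client address, requested path.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 /profile/anna/friends
2024-05-01T10:00:02 203.0.113.7 /profile/ben/friends
2024-05-01T10:00:03 203.0.113.7 /profile/carla/friends
2024-05-01T10:00:04 203.0.113.7 /profile/anna/friends
2024-05-01T10:00:05 203.0.113.7 /profile/dirk/friends
2024-05-01T10:00:06 203.0.113.7 /profile/emma/friends
2024-05-01T10:00:07 203.0.113.7 /profile/frank/friends
2024-05-01T10:00:08 203.0.113.7 /profile/gina/friends
2024-05-01T10:00:09 198.51.100.4 /profile/anna/friends
2024-05-01T10:00:30 198.51.100.4 /search?q=anna
2024-05-01T10:01:00 198.51.100.4 /profile/ben/friends
"""


def can_view_friend_list(viewer, owner: str, owner_friends: set, visibility: str = "private") -> bool:
    """Private by default: only the owner sees the list unless they opted in.

    `viewer` is None for an anonymous request (crawlers are never logged in).
    """
    if viewer == owner:
        return True
    if visibility == "public":
        return True
    if visibility == "friends":
        return viewer is not None and viewer in owner_friends
    return False  # "private" or any unknown setting


def parse_log(text: str) -> list:
    """Turn the log text into (timestamp, client, path) tuples."""
    events = []
    for line in text.splitlines():
        ts, client, path = line.split()
        events.append((datetime.fromisoformat(ts), client, path))
    return events


def find_crawlers(events: list, window: timedelta = timedelta(seconds=60), max_distinct: int = 5) -> dict:
    """Flag clients that fetch more than `max_distinct` different users'
    friends lists inside any sliding window of length `window`.

    Returns {client: distinct_profiles_seen_when_flagged}.
    """
    by_client = defaultdict(list)
    for ts, client, path in events:
        parts = path.split("/")
        if len(parts) == 4 and parts[1] == "profile" and parts[3] == "friends":
            by_client[client].append((ts, parts[2]))
    flagged = {}
    for client, hits in by_client.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = {profile for _, profile in hits[start:end + 1]}
            if len(distinct) > max_distinct:
                flagged[client] = len(distinct)
                break
    return flagged


if __name__ == "__main__":
    print(find_crawlers(parse_log(SAMPLE_LOG)))  # {'203.0.113.7': 6}
```

The visibility check is the real fix: what is not public cannot be crawled. The detection is the backstop for lists that users have chosen to make public, and a flag from it should feed a rate limit or a review, not an automatic ban, since a burst of distinct profiles can also be a legitimate user clicking through a group.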
#8 Comply with the law
There is no one privacy law.

Depending on the environment (e.g. healthcare or public authorities), additional laws apply that you must comply with. Every EU country interprets the GDPR somewhat differently, and companies implement security controls differently.
Get an overview of the laws that may affect you. In addition to laws, there are also supplier or ISO standards that may be relevant for you. Depending on how demanding your customers are, you may have to comply with different standards.
#9 Best security controls
- HTTPS: Transport encryption is mandatory, and with Let’s Encrypt it is free and secure. Many hosting providers offer HTTPS out of the box.
- VPN: VPNs are useful for protecting a company’s networks. Remote employees can work securely from anywhere in the world.
- FDE: Full-disk encryption keeps the data on stolen devices (smartphones, laptops and servers) secure.
- Patching: The best encryption is useless if its implementation has a known vulnerability. Apply patches for these and other vulnerabilities promptly on all your devices.
- Rules of conduct: Rules of conduct are essential to counter social engineering. Data is only disclosed on the phone after proper authentication, and no doors are held open for unknown persons.