"Privacy is an opportunity, not an administrative burden"
Privacy Designer smooths the way to GDPR compliance
Every enterprise in Europe now has to comply with the General Data Protection Regulation (GDPR), which came into effect on 25 May. To ease compliance, a free platform called Privacy Designer is currently being built with support from SIDN Fund.
Privacy Designer is a joint initiative by Privacy Company and SURFne. Privacy Company provides advice, training and tools to help businesses stay the right side of the new European privacy legislation. SURFnet is the organisation for ICT collaboration in the Netherlands' education and research sector. GDPR compliance is a challenge for many smaller organisations. They lack the necessary in-house expertise, but find the cost of specialist advice prohibitive. And that's where Privacy Designer comes in. The project is headed up by Privacy Consultant Lennart Huizing.
Just how does Privacy Designer work?
Lennart: "It's a portal with a risk analysis area and a solution development area. In the risk analysis area, you build up a picture of the privacy risks that your product or service entails for users. What are the privacy-sensitive aspects? Are there any hidden dangers? Going through the risk analysis process obliges you to think about the way your organisation handles personal data. The second area of the portal is action-oriented. It provides a staged plan for getting to grips with personal data security. Plus suggested solutions. Privacy Designer builds on an earlier 'pioneer project' supported by SIDN Fund, called Big Privacy. Big Privacy provided a framework for 'privacy by design'. In other words, designing privacy protection into your services from the drawing board."
How important was the support from SIDN Fund?
Lennart: "Very important. Without SIDN Fund, the platform would never have got off the ground. The new privacy legislation is very complex. One of the weightiest pieces of legislation ever to come out of Brussels, in fact. Development of the platform was therefore an enormous undertaking. Privacy Company simply doesn't have the financial muscle to take on that task alone. However, with Privacy Company and SURFnet putting up 50 per cen
Did you find the grant application process straightforward?
Lennart: "Reasonably. Of course, we'd dealt with SIDN Fund before, in connection with our Big Privacy project. Nevertheless, our first application was rejected. That was obviously disappointing, but in hindsight I think the decision was justified. Fortunately, the rejection was also an invitation to do better. They really liked the idea in principle, but felt that we needed to be clearer about what we wanted to achieve. The feedback was so good that we were able to get to work immediately upgrading our proposal. So, by turning us down, the Fund helped us to deliver a better service."
Did you have any other interaction with SIDN Fund?
Lennart: "During the application process, we attended a very productive meeting organised by the Fund. That shaped our thinking a lot. Our earnings model is based on the strategic advice we were given at the meeting. The intention is ultimately to link commercial services to the platform, such as assistance with the reporting of data breaches. The experts at the meeting advised us not to try to get everything in place before going live. They thought it was better to focus on getting the basic platform -- the free service -- up and running quickly. Additional services can then be added later. It was really useful to hear their take on the project. They also put us in contact with people who could help us achieve our goals. Finally, their encouragement made it easier to build internal support for the concept."
SIDN's mission is connecting people and organisations to promote safe and convenient digital living. SIDN Fund was established in 2014 to support that mission. The foundation works to build a better internet for everyone by providing grants to projects that help to make the internet stronger, promote user empowerment or utilise the internet in innovative ways. By doing so, it contributes to the prosperity and wellbeing of the nation.
How is development of the platform going?
Lennart: "We expect to go live in the third quarter of this year. I'm currently working on it with a team of five. But, when we get down to developing the content, extra capacity will be assigned to the project for a while. After all, a huge body of knowledge and information needs to be made available in an accessible form."
What do you hope to achieve with Privacy Designer?
Lennart: "We're working with SURFnet to create a special portal for educational establishments, but there'll also be a public portal that anyone can use for free. I hope that Privacy Designer will help thousands of companies and other organisations to develop privacy-friendly products and services. Ultimately, the business community needs to start thinking of privacy as an opportunity, not an administrative burden. Taking care of your customers' data is a way to win consumer trust and gain a commercial advantage. In other words, privacy protection contributes to success. I hope that our platform is going to promote that kind of thinking."