Addressing the challenge of privacy engineering

Capgemini presents the framework for engineering privacy by design

The paradigm of privacy by design (PbD) has gained importance, both in academia and industry, since its inclusion in regulations, most notably in the EU General Data Protection Regulation (GDPR).

The main idea behind PbD is to embed privacy into the design of (the architecture of) an IT system rather than integrating it as a separate component after the system has been implemented. The first efforts to define PbD are credited to Cavoukian, who set out the core principles of this concept.

Figure 1: Privacy by design principles by Cavoukian

The importance of privacy by design has been generally acknowledged, with experts predicting that

"… privacy will be an integral part of the next wave in the technology revolution and that innovators who are emphasizing privacy as an integral part of the product lifecycle are on the right track."

However, translating these principles into engineering practice is still challenging, something that has been acknowledged, among others, by the European Union Agency for Network and Information Security (ENISA). Although we are approaching the second year after the GDPR's entry into force, there is still no standard or agreed best practice on how to integrate privacy into the software development lifecycle.

To address this problem, Capgemini's security expert, Dr. Fatbardh Veseli, together with researchers from Germany's Goethe University and Sweden's Karlstad University, has developed a systematic approach to engineering privacy by design. The approach extends an existing privacy threat modeling framework, LINDDUN, and was demonstrated within the European innovation project Credential to design and implement the architecture of a cloud-based identity wallet platform.

Figure 2: Enhanced approach to applying privacy by design

The enhanced framework builds on data flow diagrams (DFDs) to model privacy threats at design time, before the system is implemented. The framework itself is an instantiation of a model for privacy impact assessments (PIAs), which the GDPR also requires for high-risk processing. Importantly, the approach takes environmental constraints and the context of the project itself into account, and establishes a process for continuously documenting such constraints and their impact on privacy. Furthermore, it defines mitigations beyond privacy enhancing technologies (PETs) for the identified threats, including organizational measures, and promotes the integration of privacy-friendly development principles into the software development lifecycle.
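To make the DFD-based step concrete, the following is an added example, not code from Capgemini, the LINDDUN project or the paper this post describes. It walks a small data flow diagram, applies the LINDDUN mapping table (which threat categories apply to entities, processes, data stores and data flows) to elicit the candidate threats, records mitigation decisions that may be either a PET or an organisational measure, and produces the kind of record a PIA needs: documented environmental constraints, what was mitigated, and what is still open. The identity-wallet DFD, the constraints and the mitigation decisions are constructed here for illustration and are not Credential's actual design.

```python
"""LINDDUN-style privacy threat elicitation over a data flow diagram.

Added example; not code from Capgemini, LINDDUN or the referenced paper.
The element-to-threat mapping follows the LINDDUN mapping table. The wallet
DFD, constraints and mitigation decisions are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The seven LINDDUN threat categories.
LINKABILITY = "Linkability"
IDENTIFIABILITY = "Identifiability"
NON_REPUDIATION = "Non-repudiation"
DETECTABILITY = "Detectability"
DISCLOSURE = "Disclosure of information"
UNAWARENESS = "Unawareness"
NON_COMPLIANCE = "Non-compliance"

_SYSTEM_SIDE = [LINKABILITY, IDENTIFIABILITY, NON_REPUDIATION,
                DETECTABILITY, DISCLOSURE, NON_COMPLIANCE]

# LINDDUN mapping table: unawareness threatens the (human) entity only,
# the other categories apply to the system-side element types.
THREATS_PER_ELEMENT: Dict[str, List[str]] = {
    "entity": [LINKABILITY, IDENTIFIABILITY, UNAWARENESS],
    "process": _SYSTEM_SIDE,
    "data_store": _SYSTEM_SIDE,
    "data_flow": _SYSTEM_SIDE,
}

MITIGATION_TYPES = ("PET", "organisational")


@dataclass(frozen=True)
class Element:
    name: str
    kind: str  # "entity", "process", "data_store" or "data_flow"


@dataclass
class Threat:
    element: Element
    category: str
    mitigation: Optional[str] = None
    mitigation_type: Optional[str] = None  # one of MITIGATION_TYPES

    @property
    def is_open(self) -> bool:
        return self.mitigation is None


def build_wallet_dfd() -> List[Element]:
    """Constructed DFD of a cloud-based identity wallet (illustrative only)."""
    return [
        Element("User", "entity"),
        Element("Relying party", "entity"),
        Element("Wallet service", "process"),
        Element("Credential store", "data_store"),
        Element("User -> Wallet service: presentation request", "data_flow"),
        Element("Wallet service -> Relying party: disclosed attributes", "data_flow"),
    ]


def elicit_threats(dfd: List[Element]) -> List[Threat]:
    """Step 1: every (element, applicable category) pair is a threat to examine."""
    threats: List[Threat] = []
    for element in dfd:
        if element.kind not in THREATS_PER_ELEMENT:
            raise ValueError(f"unknown DFD element kind: {element.kind!r}")
        for category in THREATS_PER_ELEMENT[element.kind]:
            threats.append(Threat(element, category))
    return threats


# Step 2: constructed mitigation decisions keyed by (element name, category).
SAMPLE_DECISIONS: Dict[Tuple[str, str], Tuple[str, str]] = {
    ("Wallet service -> Relying party: disclosed attributes", LINKABILITY):
        ("Selective disclosure of single attributes, not the full credential", "PET"),
    ("Credential store", DISCLOSURE):
        ("Credentials encrypted at rest under a user-held key", "PET"),
    ("User", UNAWARENESS):
        ("Consent screen listing the attributes before each presentation", "organisational"),
    ("Credential store", NON_COMPLIANCE):
        ("Retention schedule reviewed in each release's PIA", "organisational"),
}


def apply_mitigations(threats: List[Threat],
                      decisions: Dict[Tuple[str, str], Tuple[str, str]]) -> List[Threat]:
    """Attach decisions to threats; reject mitigation types outside PET/organisational."""
    for threat in threats:
        decision = decisions.get((threat.element.name, threat.category))
        if decision is None:
            continue
        measure, kind = decision
        if kind not in MITIGATION_TYPES:
            raise ValueError(f"mitigation type must be one of {MITIGATION_TYPES}, got {kind!r}")
        threat.mitigation, threat.mitigation_type = measure, kind
    return threats


def open_threats(threats: List[Threat]) -> List[Threat]:
    return [t for t in threats if t.is_open]


def report(threats: List[Threat], constraints: List[str]) -> str:
    """Step 3: the PIA record: constraints, mitigated threats, and what is still open."""
    lines = ["Environmental constraints documented:"]
    lines += [f"  - {c}" for c in constraints]
    lines.append("Mitigated threats:")
    for t in threats:
        if not t.is_open:
            lines.append(f"  - {t.category} @ {t.element.name}: {t.mitigation} [{t.mitigation_type}]")
    lines.append(f"Open threats requiring a decision: {len(open_threats(threats))}")
    return "\n".join(lines)


if __name__ == "__main__":
    threats = apply_mitigations(elicit_threats(build_wallet_dfd()), SAMPLE_DECISIONS)
    constraints = ["Wallet data is hosted by a third-party cloud provider",  # constructed
                   "Relying parties are outside the operator's control"]
    print(report(threats, constraints))
```

The value of running the table mechanically is the count of open threats at the end: with six DFD elements the mapping yields 30 candidate threats and the four sample decisions close only four of them, so the remaining 26 must each get an explicit accept, mitigate or not-applicable decision that is re-checked whenever a documented constraint changes.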

This framework has received positive feedback from different audiences within the EU, especially because it can be integrated directly into existing software engineering processes, addressing the acknowledged gap between regulation and engineering. Capgemini is happy to share this framework with its clients and guide them in integrating privacy into their software engineering practice, supporting compliance with the privacy-by-design requirement of the EU GDPR. The enhanced framework is publicly available from Springer.
