Privacy by Design
Privacy by Design means that privacy protections are built into systems from the ground up rather than added as compliance checkboxes after deployment. For data platforms, this means treating personal data as a liability to be minimised, not an asset to be maximised.
Technical Privacy Controls
- Anonymisation: Remove or generalise data so individuals cannot be re-identified. Note: true anonymisation removes data from GDPR scope entirely.
- Pseudonymisation: Replace direct identifiers with tokens. Data is still personal but de-risked.
- Differential Privacy: Add mathematically calibrated noise to query results so individual records cannot be inferred from aggregate outputs.
- Column-Level Encryption: Encrypt sensitive columns (SSN, email) at rest so even database administrators cannot read them without key access.