During the last few years, the General Data Protection Regulation (GDPR) has changed data processing in Europe and beyond. Unlike previous legislation concerning data protection, the existence of the GDPR is known by almost all data controllers, data processors and users. But when it comes to data protection by design and by default as demanded by Article 25 GDPR, appropriate system design cannot be taken for granted. Marit will explain various difficulties of enforcing Art. 25 GDPR from the perspective of a supervisory authority. She will compare the deficiencies in this area with the situation of implementing “security-by-design” approaches. Also, current trends stemming from technology design and from recent court decisions will be discussed concerning their relevance for compliance with data protection requirements. To achieve built-in data protection, Marit will present her “wish list” that addresses stakeholders such as researchers, developers, academic teachers, data protection officers, lawyers and the data protection authorities themselves.
Since 2015 Marit Hansen has been the State Data Protection Commissioner of Land Schleswig-Holstein and Chief of Unabhängiges Landeszentrum für Datenschutz (ULD). Before being appointed Data Protection Commissioner, she had been Deputy Commissioner for seven years. Since her diploma in computer science in 1995 Marit has been working on privacy and security aspects. Her focus is on “data protection by design” and “data protection by default” from both the technical and the legal perspectives. She often gives talks and has been lecturing at various universities and academies and has contributed to several EU and national research projects. Marit was member of the Data Ethics Commission of the German Government. Her contribution to education and research on privacy-enhancing technologies has awarded her an honorary doctorate from Karlstad University, Sweden.