AppSecEU08 How Data Privacy affects Applications and Databases

From OWASP

This presentation will introduce the Data Privacy principles of the European Data Protection Directive. One of these principles is security. This simply means that applications and/or databases processing and storing personal data (personally identifiable information) need to have sufficient security controls applied to prevent unauthorised access to, modification of and deletion of personal data.

Consequently, when designing a new (web) application that you know will process and store personal data, it is important that a number of questions are addressed. After all, as with information security, it is better to include data privacy requirements from the beginning than to add controls later on in the development phase. Hence the presentation will show a way of adding a new questionnaire regarding data privacy into the development life cycle.