• Written by Lynn Greenwood
    26 April 2018

Above: Photo by Ian Keefe on Unsplash

With the General Data Protection Regulation (GDPR) looming, the challenge for design and management is to understand how to integrate privacy and security by design into a product, or platform, effectively. Product managers, or product owners, are expected to know their product inside out. But how much do you know about your product when it comes to privacy and security? How are you integrating it into your product team’s workflow? For most of us, this is a learning curve.

If, when developing a new product or platform, privacy and security is embedded throughout the system design process, privacy will be smoothly integrated into your product ,  allowing it to be secure from the start.

Implementing privacy and security by design into an existing product is more difficult. You need to deconstruct and analyse the existing system, which means carrying out a privacy and security audit on your product, from start to end. You need to consider how privacy has been embedded, find any risk areas, and add new user-friendly solutions into your product roadmap to ensure improvements with each iteration.

In her guide to implementing strong privacy practices, Ann Cavoukian of Global Privacy and Security by Design lays out a few key principles to consider when embedding the privacy by design framework. These can be assigned to any business practice or IT system, but in this post I have summarised them with regards to product management.


In conclusion, regardless of the size and structure, any organisation that encounters personal data must effectively manage and protect it.

Products are increasingly being judged based on the privacy and security they provide, while organisations are judged on the knowledge they share and the commitment they have to ensuring personal data is protected. This presents immense opportunities in the market for organisations or products ahead of the game.

Every team or organisation will integrate privacy and security by design into their products in their own way. All will face different challenges and accrue lessons learned, which will grow best practices for the benefit of all.

At Akvo, we are committed to improving our products by incorporating the privacy and security by design framework into our processes. Our partners entrust the personal data they capture to us, and we have an obligation to protect it as best we can.


Lynn Greenwood is GDPR-lead and product manager at Akvo. You can follow her on Twitter @lynngre.