An Agile Framework for Building GDPR Privacy and Data Protection Requirements into SDLC

Explore an agile framework for integrating GDPR privacy and data protection requirements into the software development lifecycle in this 35-minute conference talk from AppSecUSA 2017. Learn how to build GDPR-compliant software efficiently using a vendor and technology-agnostic toolkit based on a tag-based approach. Discover a set of tags organized into 14 classes that capture privacy requirements relevant to software development, deployment, and operation. Follow a case study developing an agile scrum template for an IoT system transmitting private information across international borders. Gain insights from recent stories and case studies illustrating the consequences of missing crucial privacy tags. Presented by Farbod H Foomany, Senior Security Researcher at Security Compass, and Mina Miri, Application Security Researcher at Security Compass, this talk provides valuable strategies for ensuring GDPR compliance in software development.

Introduction
Overview
Traditional Software Lifecycle
Problem with this approach
Challenges
Types of Tasks
Privacy Security Tasks
Tagging
Examples
Template
Report
Tag
Smart Bracelet Example
Summary Slides