Architecture for Privacy by Design and Default

A one-day workshop

GDPR is an EU law describing how organisations should manage data about people. It is one of many current factors influencing architecture and design. The only certainty is that technology and regulation will evolve, causing further change to the way organisations manage data about people.

Data lies at the heart of an organisation.  It manifests itself in many forms, for example as customer, employee, manager, patient, student, advisor, parent/child and so on.

It is imperative to have an architectural design and approach that satisfies our current needs for these various roles and provides future-proofing for the inevitable changes that will happen. Such an approach provides stability and certainty, and reduces cost and risk.

Privacy by design and default must be ‘baked in’ to culture, systems and processes. 

This course provides a proven approach to the development of a fit-for-purpose, practical data architecture with a supporting model, dictionary and inventory, which are essential for GDPR compliance.

This module is part of the EDMworks Data Management Agenda for Privacy

Completion of the course will provide the delegate with:

- An understanding of the practical meaning of "privacy by design and default"

- An understanding of the key data management requirements of GDPR to satisfy data subjects' rights and regulatory compliance obligations

- An architectural model for implementing privacy by design and supporting other business needs

- A data model for privacy and consent

- An approach to creating and maintaining data dictionaries, data flows and inventories needed to satisfy GDPR compliance

The course is structured into the following components:

The course is based on a one-day workshop supported by an eLearning course for core GDPR content:

- A one-day seminar/workshop, highly interactive with case study exercises and feedback

- An eLearning self-paced module on the General Data Protection Regulation

Duration and timing

The workshop is a full day, from 9am to 5pm.

The eLearning module has an approximate duration of 1 hour.

On-line certification

This course contains an on-line certification for the eLearning components.

Delegates can take the test at any time. One resit is allowed.

The test consists of multiple choice, matching pair and true/false questions. Test questions are randomised.

The test should take approximately 15 minutes. There is a time limit of 30 minutes.

The delegate must answer all questions correctly.


There are self-assessments in the module that you can take as many times as you like.

These are confidential and do not form part of your test score.

On successful completion, a certificate is issued and an on-line record of achievement is maintained.

Global availability

The course modules and certification test are globally available without restriction.

They can be accessed 24/7.


The cost of the course for one delegate is GBP 550 (plus VAT where applicable). This includes the workshop and the eLearning course (approx. value GBP 100.00).


When making payment you will be presented with several different PayPal options. Please choose the right one for you. If you have any queries, please contact us at


If you would like to pay against an invoice then please email us with Purchase Order details at

Corporate Rates

If you are interested in making a bulk corporate order, please email for more information.

This provides the delegate with:

- The eLearning Course

- A recognised certificate

- The option to make this record public for job requirements

Course Contents

The requirements of GDPR for Privacy by Design and Default

- Data subject rights 

- Regulatory compliance

- Privacy Impact Assessments

- Breach Incident Management

- Data scope

- Consent and legitimate grounds

- Relevance

- Minimal

- Proportional

Architecture for privacy by design and default

- GDPR and other requirements

- Architecture scope, policy and principles

- Architecture principles and policies

- Current data architecture

- Target data architecture

- The scope of data within the target

- Organisation capabilities, effectiveness and control

- Implementation options for effective architecture

The architecture for privacy by design and default

- Data Model and taxonomies

- Organisational structure and data ownership

- Systems implementation - an example of the target

- Outsource providers

- Audit and control

Alternative approaches to pseudonymous data

- Data held centrally

- Data federated

- Control and access approaches

Data Model for People, Privacy and Consent

- Sensitive data

- Recording “Legitimate grounds”

- Recording change to consent over time

- Overall data model

Data Dictionary and essential governance tools

- Dictionary of personal data terms and aliases

- Organisation structure and allocation of data accountabilities

- Systems inventory

- Which systems have the data

- Transformation between systems

- Mapping controls and accountabilities

- Data flows/lineage and control mapping

Last modified: Monday, 26 September 2016, 2:17 PM