In this chapter, we discussed the security requirements that products and services must meet for GDPR compliance. In general, these requirements cover the privacy notice, the lawfulness of data processing, data minimization, consent, the right to object to data processing, the rights of the data subject, the right to data portability, data transfer, and the right to be forgotten.
We also illustrated some common product design issues: for example, a product that provides no interface for users to edit or export their own personal data, or one in which user consent always defaults to Agree. Furthermore, we shared the self-assessment checklists for GDPR data protection.
Five practical GDPR case studies were also discussed with a description of the issue, the suggested actions, and the open source tools to use. The cases covered data discovery, database anonymization...