GDPR Article 25 Privacy-By-Design Review for a HealthTech API
Overview
What this challenge is about.
Review the API specification (OpenAPI 3, provided, 42 endpoints). For each endpoint: identify data categories handled (special-category health data, identifiers, traffic data), apply Article 25 principles (data minimization, purpose limitation, storage limitation, pseudonymization, default-off opt-in), and score compliance on a 1-5 scale. For every gap, propose a concrete fix (schema change, retention policy, default behavior). Cross-reference with EDPB Guidelines 4/2019. Deliver a per-endpoint scoring sheet, a list of 15-25 prioritized fixes with effort estimates, and a 7-page report the DPO can sign off and present to the Supervisory Authority on request.
The Brief
What you'll do, and what you'll demonstrate.
Conduct a GDPR Article 25 review of a 42-endpoint patient-facing API and produce a prioritized fix list the DPO will sign off.
Earning criteria — what you'll demonstrate
- Apply GDPR Article 25 principles to a real API specification
- Differentiate data-minimization fixes from purpose-limitation fixes
- Map gaps to EDPB Guidelines so the DPO can defend the analysis
- Prioritize privacy fixes against engineering effort honestly
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.
Career mappings coming soon.