Op zoek naar een methodologie om privacybehoeften mee te nemen als criterium tijdens het ontwikkelproces van nieuwe software? LINDDUN werd er speciaal voor ontwikkeld! Bekijk hier het programma van deze in het Engels gedoceerde opleiding en reserveer snel uw plaats.

Privacy is becoming a key issue in today's e-society. It is of utter most importance that privacy is integrated in the software development lifecycle as soon as possible. LINDDUN is a privacy threat analysis methodology that supports analysts in eliciting privacy requirements.

"The LINDDUN methodology broadly shares the principles of the CNIL method but it puts forwards a more systematic approach based on data flow diagrams and privacy threat tree patterns.", ENISA, Privacy and Data Protection by Design – from policy to engineering . (December 2014)

LINDDUN was developed, evaluated, and updated by researchers from the DistriNet Research Group at KU Leuven.


1. A technical approach to the legal obligations of GDPR 
Kim Wuyts (Postdoctoral researcher at IMEC-DistriNet, KU Leuven)

Whether you are ready or not, the GDPR deadline is approaching fast. But how can you translate all these legal obligations into technical requirements? This talk will provide technical insights on how to put key legal obligations in practice.


  • key GDPR obligations in a nutshell

  • technical interpretation of GDPR obligations

  • a systematic approach to tackle GDPR obligations in the creation and exploitation of digital services

  • tip and tricks from experts

Kim Wuyts is a postdoctoral researcher at the Department of Computer Science at KU Leuven (Belgium). She has more than 10 years of experience in security and privacy in software engineering. Kim is one of the main forces behind the development and extension of LINDDUN, a privacy-by-design framework that provides systematic support to elicit and mitigate privacy threats in software systems.

2.  Towards agile privacy engineering with LINDDUN
Aram Hovsepyan (Postdoctoral researcher at IMEC-DistriNet, KU Leuven)

The GDPR requires the implementation of “suitable” technical measures. What does this mean in practice? This tutorial will elaborate on how you can execute a privacy impact assessment to identify and mitigate existing privacy threats in a systematic way.


  • the importance of privacy engineering

  • a systematic approach for a technical privacy impact assessment using LINDDUN

  • mitigating privacy threats using LINDDUN

  • practical tips and tricks through case studies

Aram Hovsepyan received a Ph.D. in Engineering from KU Leuven (Belgium) on model-driven software development methodologies. He is currently a postdoc researcher at the Department of Computer Science of KU Leuven. His main research interests lie in the area of privacy by design methodologies. Aram is also running a software firm specialized in developing custom-cooked software systems.

3.  Use case: Rombit, best practices & pitfalls in integrating LINDDUN
Nico Janssens (Technical Director at Rombit)

Getting to full compliance with GDPR requires various changes to an organization's structure and processes. In this talk we address how Rombit is preparing to become GDPR ready, illustrating among others how we integrate LINDDUN in our BA and DevOps processes. Additional to organizational and process changes, we also present software engineering techniques to build scalable data processing solutions that are prepared to stay in compliance with the GDPR.


  • impact of GDPR on Rombit organization's structure and processes

  • integration of LINDDUN in Rombit's BA and DevOps processes

  • design patterns to comply with technical aspects of GDPR

Nico Janssens is Technical Director at Rombit, leading the R&D activities of Rombit's Romcore solution - an in-house developed PaaS solution for building and hosting large scale, mission critical IoT solutions. Before joining Rombit, Nico was a senior researcher at Alcatel-Lucent Bell labs, working on various topics related to the cloudification of telecommunication software. He holds an M.Sc. in Informatics and a Ph.D. in Computer Science, both from the University of Leuven. Nico's main research interests are in the areas of large-scale distributed systems and virtualized IoT solutions, including topics like dynamic right-sizing (elasticity), massive scalability, real-time analytics, and security. Nico authored around 20 international publications, and 10 filed patent applications.