Privacy by Design in .NET

Privacy is not enforced by legal teams. It is enforced by how you design database schemas, structure APIs, implement logging, and manage data workflows. Privacy by design means treating personal data as toxic waste requiring systematic containment and controlled disposal.

Most organizations treat privacy as a compliance checkbox. They implement a “right to be forgotten” button, display a privacy policy, and consider the requirement satisfied. In reality, personal data continues flowing through applications unchecked—captured in logs, stored in caches, replicated across databases, archived in backups. A deletion request arrives, but the system cannot actually fulfill it because it was never designed to support data deletion.

Privacy Engineering Practices

Effective privacy implementation requires architectural decisions: separating personal data from operational data, implementing retention policies in code, exposing data access endpoints, tracking data lineage, and designing APIs that respect purpose limitation. These are not add-on features—they are foundational design properties.

ISO/IEC 27701 provides the framework for implementing privacy as a measurable engineering discipline rather than a compliance afterthought.

Nobody Runs Your Cleanup Script (And Regulators Know It)

“Storage is cheap” — until your data retention strategy becomes evidence in a GDPR lawsuit.

After 15+ years in enterprise software, I’ve seen this pattern in project after project: elaborate wiki documentation, a cleanup script nobody runs, and production databases growing exponentially with personal data that should have been deleted years ago. The compliance checkbox is marked, but the actual deletion never happens.

When regulators investigate, they don’t want your policy documents. They want execution logs proving deletion actually happened. Azure Storage lifecycle policies, Cosmos DB TTL, and scheduled Functions give you exactly that — automated retention that runs without human intervention, with full audit trails.

Cookie Banners Won't Save You From ISO 27701

That boolean column you call “consent”? Regulators will laugh at it.

ISO 27701 demands granular, auditable, expiring consent, not cookie theater. Here’s the complete .NET implementation with Entity Framework Core, middleware validation, and Azure Functions that survives an audit.

Stop Hoarding Personal Data in Entity Framework

The classic monolithic User entity—stuffed with birth dates, phone numbers, employment history, and marital status “just in case”—turns into a compliance nightmare the moment someone requests data deletion. You can’t delete without breaking referential integrity. You can’t keep the data without violating GDPR. You can’t anonymize without retaining fields that should never have existed. The solution isn’t complex: separate operational data from personal data, make consent-based fields nullable and purpose-documented, implement soft deletes with query filters, and validate your API boundaries with integration tests that fail when unnecessary fields leak through. Data minimization isn’t regulatory overhead—it’s architectural hygiene that makes your deletion logic straightforward and your audit responses honest.
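An added example, not code from any of the posts above, of the split the paragraph describes in Entity Framework Core: an operational `User` row with no personal attributes, a separate `UserPersonalData` table whose optional fields carry a documented purpose, a global query filter that hides soft-deleted users, and an erasure routine that hard-deletes the personal row while keeping the operational key resolvable. Entity names, field purposes and the `EmailHash` lookup key are assumptions for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.EntityFrameworkCore;

// Operational identity: only what login and foreign keys need (assumed shape).
public class User
{
    public Guid Id { get; set; }
    public string EmailHash { get; set; } = "";   // lookup key, never the raw address
    public bool IsDeleted { get; set; }
    public DateTime? DeletedAt { get; set; }      // when erasure was executed: the audit evidence
    public UserPersonalData? PersonalData { get; set; }
}
// Personal data lives in its own table so it can be removed without touching orders or audit rows.
public class UserPersonalData
{
    public Guid UserId { get; set; }
    public string Email { get; set; } = "";       // Purpose: account recovery (assumption)
    public string? PhoneNumber { get; set; }      // Purpose: 2FA; nullable, filled only with consent
    public DateTime? BirthDate { get; set; }      // Purpose: age verification; nullable, only where required
}
public class AppDbContext : DbContext
{
    public DbSet<User> Users => Set<User>();
    public DbSet<UserPersonalData> PersonalData => Set<UserPersonalData>();
    public AppDbContext(DbContextOptions<AppDbContext> options) : base(options) { }
    protected override void OnModelCreating(ModelBuilder mb)
    {
        mb.Entity<UserPersonalData>().HasKey(p => p.UserId);
        mb.Entity<User>()
          .HasOne(u => u.PersonalData).WithOne()
          .HasForeignKey<UserPersonalData>(p => p.UserId);
        // Global filter: soft-deleted users disappear from every ordinary query.
        mb.Entity<User>().HasQueryFilter(u => !u.IsDeleted);
    }
}
public static class Erasure
{
    // Honour a deletion request: drop the personal-data row outright and soft-delete the
    // operational row so references from orders, invoices etc. keep resolving.
    public static async Task EraseAsync(AppDbContext db, Guid userId)
    {
        var user = await db.Users.IgnoreQueryFilters()
            .Include(u => u.PersonalData).SingleAsync(u => u.Id == userId);
        if (user.PersonalData != null) db.PersonalData.Remove(user.PersonalData);
        user.IsDeleted = true;
        user.DeletedAt = DateTime.UtcNow;
        await db.SaveChangesAsync();
    }
}
```

An integration test that queries the public user endpoint after `EraseAsync` and fails if `Email` or `PhoneNumber` still appear in the response is the boundary check the paragraph calls for.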