Privacy.
Governance.
Digital Trust.
A professional journey dedicated to the integration of law, data protection, technology and organisational governance.
The work focuses on transforming data protection into an operational practice that is understandable, implementable and demonstrable: not merely a legal obligation, but a governance framework capable of strengthening trust, institutional responsibility and digital sustainability.
Data Protection by Design and by Default
The doctoral research conducted at the University of Reading sought to address a central challenge of the GDPR: the gap between abstract legal requirements and their effective implementation within organisations.
Data Protection Principles Approach (DPPA)
The thesis proposes an innovative compliance model based on the core principles of the GDPR and the fundamental rights of data subjects. The objective is not merely to verify formal compliance, but to integrate data protection into organisational processes, decisions, technologies and governance structures.
The DPPA was conceived as a model designed to operationalise data protection by design and by default, addressing tensions between security, organisational needs, technological evolution and the effective protection of individual rights.
The model moves away from purely documentary or economic approaches, advocating instead for a framework centred on principles, risk, accountability and continuous governance.
Article 25 GDPR
The research focuses on the practical implementation of Article 25 GDPR — data protection by design and by default — as a structural and cross-cutting obligation.
Evidence-based compliance
The methodology incorporates quantitative and qualitative analysis of regulatory decisions, GDPR fines and organisational practices.
Rights-centred approach
The model places the rights and interests of data subjects at the centre of the compliance architecture.
A principles-based compliance framework
The Data Protection Principles Approach was developed to transform legal principles into concrete organisational mechanisms.
Rights and principles at the centre
Transparency, data minimisation, purpose limitation, security, accountability and data protection by default as structural elements of organisational decision-making.
Compliance as governance
Integration of data protection into internal processes, decision-making structures, policies and control mechanisms.
Privacy engineering
Alignment between legal requirements, information security, technological development and systems architecture.
Evidence and continuous review
Documentary evidence, auditing, periodic review and continuous improvement as permanent components of compliance.
Privacy applied within complex environments
The work encompasses organisational governance, compliance programmes, data protection within technological environments and the integration of security, risk and fundamental rights.
GDPR compliance programmes
Development of accountability models, records of processing activities, governance mechanisms and operational GDPR integration.
Impact assessments and risk management
Data protection impact assessments, proportionality analysis, risk mitigation and decision-making support in complex processing operations.
Security and privacy
Integration of information security, web security and data protection by design.
Public sector and public interest
Support for public bodies and initiatives focused on defending data subjects, digital literacy and responsible governance.
Privacy is governance in practice.
Data protection becomes meaningful when it influences decisions, reduces risks, improves processes and strengthens trust between organisations and individuals.