Learn privacy engineering tooling vocabulary: BigID PII scanning, data catalog with privacy classification, consent management platforms, privacy tests in CI, privacy design reviews — language for modern privacy engineering practice.
1 / 5
The privacy team says: 'We use BigID to scan for PII across our data stores.' What is BigID and what does 'scanning for PII' mean?
BigID is a data intelligence and privacy management platform. It connects to data stores (databases, data lakes, file shares, cloud storage) and uses machine learning and pattern matching to automatically discover and classify personal data (PII such as names, emails, passport numbers, health data). Knowing where PII exists is a prerequisite for GDPR compliance, data subject request fulfilment, and breach impact assessment.
2 / 5
The data governance team explains: 'We use a data catalog with privacy classification to track all personal data assets.' What is a data catalog in a privacy context?
A data catalog (tools like Collibra, Alation, DataHub, or Amundsen) is an organised inventory of an organisation's data assets with rich metadata. In a privacy engineering context, the catalog includes privacy-relevant metadata: which tables contain PII, what type of PII (name, health data, financial data), who is the data owner, what is the retention period, and what is the privacy classification (public, internal, confidential, highly confidential). This enables systematic data governance and privacy compliance.
3 / 5
The frontend developer says: 'The CMP stores consent records for each user.' What is a CMP?
A CMP (Consent Management Platform) is a technology solution that presents consent choices to users (typically via a cookie banner or privacy preference centre), captures their selections, stores a timestamped record of each user's consent, and signals those preferences to analytics, advertising, and tracking systems. Under GDPR and ePrivacy regulations, organisations must obtain valid consent for non-essential cookies and tracking. Consent records must be auditable.
4 / 5
The CI pipeline configuration includes: 'privacy-test: scan application logs for PII patterns.' What is the purpose of a privacy test in CI?
A privacy test in CI automatically scans code artefacts — log outputs, API response samples, error messages — for patterns indicating PII (email addresses, names, national ID numbers, payment card numbers). Logging PII accidentally (e.g., logging a full request body that contains a password or email) is a common privacy violation. Catching it in CI before deployment prevents PII from being stored in production logs where it should not be.
5 / 5
The engineering manager says: 'The privacy review is part of the design process — any feature handling personal data goes through it before development starts.' What is the purpose of a privacy review at design time?
A privacy review (sometimes called a Privacy Impact Assessment or Data Protection Impact Assessment, DPIA) evaluates a new feature or system at the design stage before development begins. It identifies: what personal data is collected and why, the lawful basis, potential privacy risks, data minimisation opportunities, retention periods, security controls, and third-party data sharing. Catching privacy issues at design time is far cheaper and more effective than retrofitting compliance after the system is built.