Esc
↑↓ navigate   Enter open   Esc close
Advanced 6 topic areas 25+ exercises

Privacy Engineer

Privacy Engineers translate legal and regulatory privacy requirements (GDPR, CCPA, PIPEDA) into technical implementations. Their daily work includes building consent management platforms, implementing data subject request pipelines, running privacy threat models on new features, and writing privacy impact assessments. This path builds the precise vocabulary needed to discuss privacy engineering decisions with legal teams, product managers, and regulators.

Start first exercise → Browse all exercises

Topics covered

  • Privacy by design
  • Consent management
  • Data subject rights
  • PII & anonymization
  • Privacy threat modeling
  • Compliance engineering

Vocabulary spotlight

4 terms every Privacy Engineer should know in English:

DSAR n.

Data Subject Access Request — a legally enforceable request from an individual to access, correct, or delete personal data held about them

"We built an automated DSAR pipeline that can fulfill right-to-erasure requests across all data stores within 30 days."
pseudonymization n.

Replacing directly identifying information (e.g., name, email) with a non-identifying reference (e.g., a UUID), so the data can no longer be attributed to a person without additional information kept separately

"We pseudonymized user IDs in the analytics pipeline, storing the mapping table in a separate access-controlled system."
data minimization n.

The GDPR principle that personal data should only be collected and retained to the extent necessary for its stated purpose

"The privacy review flagged that we were collecting birth dates for age verification but retaining them indefinitely — a data minimization violation."
DPIA n.

Data Protection Impact Assessment — a structured process to identify and mitigate privacy risks before deploying a new system or processing activity involving personal data

"GDPR requires a DPIA for any high-risk processing — we ran one before launching the behavioural analytics feature."
Open full glossary →

📚 Vocabulary Reference

Key terms organised by category for Privacy Engineers:

Legal Frameworks

GDPRCCPACPRAPIPEDAPDPAdata controllerdata processordata subjectlawful basislegitimate interest

Data Subject Rights

right to erasureright to accessright to portabilityright to rectificationconsent withdrawalDSARopt-outobjectionrestriction of processingautomated decision-making

Privacy Engineering

privacy by designdata minimizationpurpose limitationpseudonymizationanonymizationk-anonymitydifferential privacyconsent signalconsent management platformdata lineage

Assessments

DPIAPIAprivacy threat modelLINDDUNprivacy riskresidual riskdata mappingdata inventoryprocessing activity recordtransfer impact assessment
Study full vocabulary modules →

Recommended exercises

Privacy Engineer Interview Questions 5 exercises
Interview
Privacy Engineering Exercises 5 exercises
Exercises
Security Architecture Language 5 exercises
Exercises
Technical Writing for Policies 5 exercises
Writing
Data Engineering Language 5 exercises
Exercises

Real-world scenarios you'll practise

  • Writing a DPIA for a new analytics feature: documenting data flows, risk levels, and mitigation measures for regulatory review
  • Presenting a privacy threat model to the product team: walking through LINDDUN threats identified on a new data processing feature
  • Drafting an internal privacy policy: explaining data retention periods, lawful bases, and data subject rights in plain-English internal documentation
  • Reviewing a vendor data processing agreement: identifying and negotiating clauses related to sub-processors and data transfer mechanisms

Recommended reading

Explore another role

⚙️ ML Infrastructure Engineer

Open path →