DOI: 10.1007/978-3-030-58986-8_13
Article

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Published: 14 September 2020

Abstract

The introduction of the European General Data Protection Regulation (GDPR) has brought significant benefits to citizens, but it has also created challenges for organisations, which are facing difficulties interpreting and properly applying it. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing these activities in a coherent, linear and effective way, and a complete toolkit for supporting this. In this paper, we: (i) identify the most important PbD activities and strategies, (ii) design a coherent, linear and effective flow for them, and (iii) describe our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Specifically, within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations in continuous GDPR compliance through Model-Based Privacy by Design analysis. Here, we present the important PbD activities and strategies we identified, then describe DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.



Published In

Trust, Privacy and Security in Digital Business: 17th International Conference, TrustBus 2020, Bratislava, Slovakia, September 14–17, 2020, Proceedings
Sep 2020
232 pages
ISBN: 978-3-030-58985-1
DOI: 10.1007/978-3-030-58986-8
Editors: Stefanos Gritzalis, Edgar R. Weippl, Gabriele Kotsis, A Min Tjoa, Ismail Khalil

Publisher

Springer-Verlag, Berlin, Heidelberg

Author Tags

1. Privacy by Design
2. Privacy engineering
3. Security engineering
4. Data protection
5. GDPR
6. Data Scope Management
7. Privacy

Qualifiers

• Article
