Article

DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance

Authors:

Mohammed Ghazi Al-Obeidallah,

Andrea Praitano,

Aggeliki Tsohou,

Haralambos Mouratidis,

Beatriz Gallego-Nicasio Crespo,

Jean Baptiste Bernard,

Emmanouil Magkos,

Andrès Castillo Sanz,

Michalis Pavlidis,

Roberto D’Addario,

Giuseppe Giovanni ZorzinoAuthors Info & Claims

Trust, Privacy and Security in Digital Business: 16th International Conference, TrustBus 2019, Linz, Austria, August 26–29, 2019, Proceedings

Pages 78 - 93

https://doi.org/10.1007/978-3-030-27813-7_6

Published: 26 August 2019 Publication History

Abstract

The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changes concerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.

References

[1]

The Forrester New Wave. https://www.forrester.com/report/The%20Forrester%20New%20Wave%20GDPR%20And%20Privacy%20Management%20Software%20Q4%202018/-/E-RES142698

[2]

Privacy Tech Vendor Report. https://iapp.org/resources/article/2018-privacy-tech-vendor-report/

[3]

Regulation 2016/679 and Directive 95/46/EC (GDPR) of the EU on the processing of personal data and on the free movement of such data (2016). https://publications.europa.eu/en/publication-detail/-/publication/3e485e15-11bd-11e6-ba9a-01aa75ed71a1/language-en

[4]

Capistrano EPS and Chen JV Information privacy policies: the effects of policy characteristics and online experience Comput. Stand. Interfaces 2015 42 24-31

[5]

Deng M, Wuyts K, Scandariato R, Preneel B, and Joosen W A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements Requir. Eng. J. 2011 16 3-32

[6]

Faßbender, S., Heisel, M., Meis, R.: Problem-based security requirements elicitation and refinement with pressure (2015)

[7]

Garcia: PRIPARE privacy by design methodology handbook. Technical report (2015)

[8]

Kalloniatis C, Belsis P, and Gritzalis S A soft computing approach for privacy requirements engineering: the PRiS framework Appl. Soft Comput. 2011 11 4341-4348

[9]

Mayer, N., Dubois, E., Matulevicius, R., Heymans, P.: Towards a measurement framework for security risk management

[10]

McDonald AM and Cranor LF The cost of reading privacy policies ISJLP 2008 4 543

[11]

Mouratidis H, Argyropoulos N, and Shei S Karagiannis D, Mayr H, and Mylopoulos J Security requirements engineering for cloud computing: the secure tropos approach Domain-Specific Conceptual Modeling 2016 Cham Springer 357-380

[12]

Pavlidis M, Mouratidis H, Gonzalez-Perez C, and Kalloniatis C Lambrinoudakis C and Gabillon A Addressing privacy and trust issues in cultural heritage modelling Risks and Security of Internet and Systems 2016 Cham Springer 3-16

[13]

Pavlidis M, Mouratidis H, and Islam S Modelling security using trust based concepts Int. J. Secure Softw. Eng. (IJSSE) 2012 3 36-53

[14]

Piras, L., Dellagiacoma, D., Perini, A., Susi, A., Giorgini, P., Mylopoulos, J.: Design thinking and acceptance requirements for designing gamified software. In: 13th International Conference on Research Challenges in Information Science (RCIS). IEEE (2019)

[15]

Tsohou A and Kosta E Enabling valid informed consent for location tracking through privacy awareness of users: a process theory Comput. Law Secur. Rev. 2017 33 434-457

[16]

Zheng, J., Gao, D.W., Lin, L.: Smart meters in smart grid: an overview. In: 2013 IEEE Green Technologies Conference (GreenTech) (2013)

Cited By

Ferreira LSilva DItzazelaia M(2023)Recommender Systems in CybersecurityKnowledge and Information Systems10.1007/s10115-023-01906-665:12(5523-5559)Online publication date: 5-Jun-2023
https://dl.acm.org/doi/10.1007/s10115-023-01906-6
Andrade VGomes RReinehr SFreitas CMalucelli A(2022)Privacy by Design and Software EngineeringProceedings of the XXI Brazilian Symposium on Software Quality10.1145/3571473.3571480(1-10)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3571473.3571480
Tang FØstvold BVidoni MFerreyra NCodabux Z(2022)Assessing software privacy using the privacy flow-graphProceedings of the 1st International Workshop on Mining Software Repositories Applications for Privacy and Security10.1145/3549035.3561185(7-15)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3549035.3561185
Show More Cited By

Index Terms

DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance

Index terms have been assigned to the content through auto-classification.

Recommendations

Opening Privacy Sensitive Microdata Sets in Light of GDPR
dg.o '19: Proceedings of the 20th Annual International Conference on Digital Government Research

To enhance the transparency, accountability and efficiency of the Dutch Ministry of Justice and Security, the ministry has set up an open data program to proactively stimulate sharing its (publicly funded) data sets with the public. Disclosure of ...
GDPR Compliance: Proposed Guidelines for Cloud-Based Health Organizations
Computer Security
Abstract
In this paper, we investigate the implications of the General Data Protection Regulation (GDPR) on the design of a Cloud-based Health System. Keeping secure healthcare information and protecting patients’ privacy is a major responsibility of all ...
An Ontology Capturing the Interdependence of the General Data Protection Regulation (GDPR) and Information Security
CECC 2018: Proceedings of the Central European Cybersecurity Conference 2018

High returns for processing personal data and low penalties for privacy violations led to the circumstance that protection of privacy was often not considered a priority. To counter this habit and to harmonize data protection laws throughout the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings

Trust, Privacy and Security in Digital Business: 16th International Conference, TrustBus 2019, Linz, Austria, August 26–29, 2019, Proceedings

Aug 2019

182 pages

ISBN:978-3-030-27812-0

DOI:10.1007/978-3-030-27813-7

Editors:
Stefanos Gritzalis
University of the Aegean, Mytilene, Greece
,
Edgar R. Weippl
SBA Research, Vienna, Austria
,
Sokratis K. Katsikas
Norwegian University of Science and Technology, Trondheim, Norway
,
Gabriele Anderst-Kotsis
Johannes Kepler University of Linz, Linz, Austria
,
A Min Tjoa
Software Competence Center Hagenberg, Hagenberg im Mühlkreis, Austria
,
Ismail Khalil
Johannes Kepler University of Linz, Linz, Austria

© Springer Nature Switzerland AG 2019.

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 26 August 2019

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Ferreira LSilva DItzazelaia M(2023)Recommender Systems in CybersecurityKnowledge and Information Systems10.1007/s10115-023-01906-665:12(5523-5559)Online publication date: 5-Jun-2023
https://dl.acm.org/doi/10.1007/s10115-023-01906-6
Andrade VGomes RReinehr SFreitas CMalucelli A(2022)Privacy by Design and Software EngineeringProceedings of the XXI Brazilian Symposium on Software Quality10.1145/3571473.3571480(1-10)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3571473.3571480
Tang FØstvold BVidoni MFerreyra NCodabux Z(2022)Assessing software privacy using the privacy flow-graphProceedings of the 1st International Workshop on Mining Software Repositories Applications for Privacy and Security10.1145/3549035.3561185(7-15)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3549035.3561185
Klymenko OKosenkov OMeisenbacher SElahidoost PMendez DMatthes F(2022)Understanding the Implementation of Technical Measures in the Process of Data Privacy Compliance: A Qualitative StudyProceedings of the 16th ACM / IEEE International Symposium on Empirical Software Engineering and Measurement10.1145/3544902.3546234(261-271)Online publication date: 19-Sep-2022
https://dl.acm.org/doi/10.1145/3544902.3546234
Dehling FFeth DPolst SSteffes BTolsdorf J(2021)Components and Architecture for the Implementation of Technology-Driven Employee Data ProtectionTrust, Privacy and Security in Digital Business10.1007/978-3-030-86586-3_7(99-111)Online publication date: 27-Sep-2021
https://dl.acm.org/doi/10.1007/978-3-030-86586-3_7
Saltarella MDesolda GLanzilotti R(2021)Privacy Design Strategies and the GDPR: A Systematic Literature ReviewHCI for Cybersecurity, Privacy and Trust10.1007/978-3-030-77392-2_16(241-257)Online publication date: 24-Jul-2021
https://dl.acm.org/doi/10.1007/978-3-030-77392-2_16
Piras LAl-Obeidallah MPavlidis MMouratidis HTsohou AMagkos EPraitano AIodice ACrespo B(2020)DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR ComplianceTrust, Privacy and Security in Digital Business10.1007/978-3-030-58986-8_13(186-201)Online publication date: 14-Sep-2020
https://dl.acm.org/doi/10.1007/978-3-030-58986-8_13

View Options

View options

Media

Figures

Other

Tables

View Table of Contents