@inproceedings { , title = {Privacy, security, legal and technology acceptance requirements for a GDPR compliance platform.}, abstract = {GDPR entered into force in May 2018 for enhancing user data protection. Even though GDPR leads towards a radical change with many advantages for the data subjects it turned out to be a significant challenge. Organizations need to make long and complex changes for the personal data processing activities to become GDPR compliant. Citizens as data subjects are empowered with new rights, which however they need to become aware of and understand. Finally, the role of data protection authorities changes as well as their expectations from organizations. GDPR compliance being a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of the Data govErnance For supportiNg gDpr (DEFeND) EU Project is to deliver such a platform. To succeed, the platform needs to satisfy legal and privacy requirements, be effective in supporting organizations in GDPR compliance, and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, we describe the process, within the DEFeND EU Project, for eliciting and analyzing requirements for such a complex platform, by involving stakeholders from the banking, energy, health and public administration sectors, and using advanced frameworks for privacy requirements and acceptance requirements. The paper also contributes by providing elicited privacy and acceptance requirements concerning a holistic platform for supporting GDPR compliance.}, conference = {24th European symposium on research in computer security international workshops 2019 (ESORICS 2019), co-located with 5th Security of industrial control systems and cyber-physical systems international workshops (CyberICPS 2019), 3rd Security and privacy }, doi = {10.1007/978-3-030-42048-2\_14}, isbn = {9783030420475}, note = {INFO COMPLETE (Info added by JW 7/12/2020) PERMISSION GRANTED (version = AAM; embargo = none; licence = pub's own; SHERPA = https://v2.sherpa.ac.uk/id/publication/36728 ) DOCUMENT READY (AAM downloaded from Brighton https://research.brighton.ac.uk/en/publications/privacy-security-legal-and-technology-acceptance-requirements-for 22/2/2021 LM) ADDITIONAL INFO - Contact: Luca Piras (REF OA compliance met at Brighton -see email from Tim Ison 4/3/2021 in contacts folder in publication inbox.)}, pages = {204-223}, publicationstatus = {Published}, publisher = {Springer}, url = {https://rgu-repository.worktribe.com/output/1003531}, keyword = {Interactive Machine Vision, GDPR, Compliance, Software requirements, Prioritisation}, year = {2020}, author = {Tsohou, Aggeliki and Magkos, Manos and Mouratidis, Haralambos and Chrysoloras, George and Piras, Luca and Pavlidis, Michalis and Debussche, Julien and Rotoloni, Marco and Gallego-Nicasio Crespo, Beatriz} editor = {Katsikas, Sokratis and Cuppens, Frédéric and Cuppens, Nora and Lambrinoudakis, Costas and Kalloniatis, Christos and Mylopoulos, John and Antón, Annie and Gritzalis, Stefanos and Pallas, Frank and Pohle, Jörg and Sasse, Angela and Meng, Weizhi and Furnell, Steven and Garcia-Alfaro, Joaquin} }