DEFeND DSM: a data scope management service for model-based privacy by design GDPR compliance.
Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Pavlidis, Michalis; Mouratidis, Haralambos; Tsohou, Aggeliki; Magkos, Emmanouil; Praitano, Andrea; Iodice, Annarita; Crespo, Beatriz Gallego-Nicasio
Authors
Luca Piras
Mohammed Ghazi Al-Obeidallah
Michalis Pavlidis
Haralambos Mouratidis
Aggeliki Tsohou
Emmanouil Magkos
Andrea Praitano
Annarita Iodice
Beatriz Gallego-Nicasio Crespo
Contributors
Stefanos Gritzalis (Editor)
Edgar R. Weippl (Editor)
Gabriele Kotsis (Editor)
A. Min Tjoa (Editor)
Ismail Khalil (Editor)
Abstract
The introduction of the European General Data Protection Regulation (GDPR) has brought significant benefits to citizens, but it has also created challenges for organisations, which are facing difficulties in interpreting and properly applying it. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches that support them. However, organisations still have difficulty identifying a flow for executing these activities in a coherent, linear and effective way, and a complete toolkit to support it. In this paper, we: (i) identify the most important PbD activities and strategies, (ii) design a coherent, linear and effective flow for them, and (iii) describe our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Specifically, within DEFeND, we identified candidate tools, each fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organisations in achieving continuous GDPR compliance through Model-Based Privacy by Design analysis. Here, we present the important PbD activities and strategies we identified, then describe DSM, its design and flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.
Citation
PIRAS, L., AL-OBEIDALLAH, M.G., PAVLIDIS, M., MOURATIDIS, H., TSOHOU, A., MAGKOS, E., PRAITANO, A., IODICE, A. and CRESPO, B. G.-N. 2020. DEFeND DSM: a data scope management service for model-based privacy by design GDPR compliance. In Gritzalis, S., Weippl, E.R., Kotsis, G., Tjoa, A.M. and Khalil, I. (eds.) Trust, privacy and security in digital business: proceedings of 17th Trust and privacy in digital business international conference 2020 (TrustBus 2020), 14-17 September 2020, Bratislava, Slovakia. Lecture notes in computer science, 12395. Cham: Springer [online], pages 186-201. Available from: https://doi.org/10.1007/978-3-030-58986-8_13
Presentation Conference Type | Conference Paper (published) |
---|---|
Conference Name | 17th Trust and privacy in digital business international conference 2020 (TrustBus 2020) |
Start Date | Sep 14, 2020 |
End Date | Sep 17, 2020 |
Acceptance Date | Jun 1, 2020 |
Online Publication Date | Sep 14, 2020 |
Publication Date | Dec 31, 2020 |
Deposit Date | Jan 22, 2021 |
Publicly Available Date | Jan 22, 2021 |
Publisher | Springer |
Peer Reviewed | Peer Reviewed |
Volume | 12395 |
Pages | 186-201 |
Series Title | Lecture notes in computer science |
Series ISSN | 0302-9743 |
Book Title | Trust, privacy and security in digital business: proceedings of 17th Trust and privacy in digital business international conference 2020 (TrustBus 2020), 14-17 September 2020, Bratislava, Slovakia |
ISBN | 9783030589851; 9783030589868 |
DOI | https://doi.org/10.1007/978-3-030-58986-8_13 |
Keywords | Privacy by design; Privacy engineering; Security engineering; Data protection; GDPR; Data scope management; Privacy |
Public URL | https://rgu-repository.worktribe.com/output/1003508 |
Files
PIRAS 2020 DEFeND DSM (AAM)
(853 Kb)
PDF