Skip to main content

Research Repository

Advanced Search

DEFeND DSM: a data scope management service for model-based privacy by design GDPR compliance.

Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Pavlidis, Michalis; Mouratidis, Haralambos; Tsohou, Aggeliki; Magkos, Emmanouil; Praitano, Andrea; Iodice, Annarita; Crespo, Beatriz Gallego-Nicasio

Authors

Mohammed Ghazi Al-Obeidallah

Michalis Pavlidis

Haralambos Mouratidis

Aggeliki Tsohou

Emmanouil Magkos

Andrea Praitano

Annarita Iodice

Beatriz Gallego-Nicasio Crespo



Contributors

Stefanos Gritzalis
Editor

Edgar R. Weippl
Editor

Gabriele Kotsis
Editor

A. Min Tjoa
Editor

Ismail Khalil
Editor

Abstract

The introduction of the European General Data Protection Regulation (GDPR) has brought significant benefits to citizens, but it has also created challenges for organisations, which are facing with difficulties interpreting it and properly applying it. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing, in a coherent, linear and effective way, these activities, and a complete toolkit for supporting this. In this paper, we: (i) identify the most important PbD activities and strategies, (ii) design a coherent, linear and effective flow for them, and (iii) describe our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Specifically, within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations for continuous GDPR compliance through Model-Based Privacy by Design analysis. Here, we present important PbD activities and strategies individuated, then describe DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.

Citation

PIRAS, L., AL-OBEIDALLAH, M.G., PAVLIDIS, M., MOURATIDIS, H., TSOHOU, A., MAGKOS, E., PRAITANO, A., IODICE, A. and CRESPO, B. G.-N. 2020. DEFeND DSM: a data scope management service for model-based privacy by design GDPR compliance. In Gritzalis, S., Weippl, E.R., Kotsis, G., Tjoa, A.M. and Khalil, I. (eds.) Trust, privacy and security in digital business: proceedings of 17th Trust and privacy in digital business international conference 2020 (TrustBus 2020), 14-17 September 2020, Bratislava, Slovakia. Lecture notes in computer science, 12395. Cham: Springer [online], pages 186-201. Available from: https://doi.org/10.1007/978-3-030-58986-8_13

Conference Name 17th Trust and privacy in digital business international conference 2020 (TrustBus 2020)
Conference Location Bratislava, Slovakia
Start Date Sep 14, 2020
End Date Sep 17, 2020
Acceptance Date Jun 1, 2020
Online Publication Date Sep 14, 2020
Publication Date Dec 31, 2020
Deposit Date Jan 22, 2021
Publicly Available Date Jan 22, 2021
Publisher Springer
Volume 12395
Pages 186-201
Series Title Lecture notes in computer science
Series ISSN 0302-9743
Book Title Trust, privacy and security in digital business: proceedings of 17th Trust and privacy in digital business international conference 2020 (TrustBus 2020), 14-17 September 2020, Bratislava, Slovakia
ISBN 9783030589851; 9783030589868
DOI https://doi.org/10.1007/978-3-030-58986-8_13
Keywords Privacy by design; Privacy engineering; Security engineering; Data protection; GDPR; Data scope management; Privacy
Public URL https://rgu-repository.worktribe.com/output/1003508

Files







You might also like



Downloadable Citations