Aggeliki Tsohou
Privacy, security, legal and technology acceptance elicited and consolidated requirements for a GDPR compliance platform
Tsohou, Aggeliki; Magkos, Emmanouil; Mouratidis, Haralambos; Chrysoloras, George; Piras, Luca; Pavlidis, Michalis; Debussche, Julien; Rotoloni, Marco; Gallego-Nicasio Crespo, Beatriz
Authors
Emmanouil Magkos
Haralambos Mouratidis
George Chrysoloras
Luca Piras
Michalis Pavlidis
Julien Debussche
Marco Rotoloni
Beatriz Gallego-Nicasio Crespo
Abstract
Purpose – The General Data Protection Regulation (GDPR) entered into force in May 2018 for enhancing personal data protection. Even though GDPR leads toward many advantages for the data subjects, it turned out to be a significant challenge. Organizations need to implement long and complex changes to become GDPR compliant. Data subjects are empowered with new rights, which, however, they need to become aware of. GDPR compliance is a challenging matter for the relevant stakeholders, which calls for a software platform that can support their needs. The aim of the Data Governance for Supporting GDPR (DEFeND) EU project is to deliver such a platform. The purpose of this paper is to describe the process, within the DEFeND EU project, for eliciting and analyzing requirements for such a complex platform.
Design/methodology/approach – The platform needs to satisfy legal and privacy requirements and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, the authors describe the methodology for eliciting and analyzing requirements for such a complex platform, by analyzing data obtained from stakeholders from different sectors.
Findings – The findings provide the process for the DEFeND platform requirements' elicitation and an indicative sample of those. The authors also describe the implementation of a secondary process for consolidating the elicited requirements into a consistent set of platform requirements.
Practical implications – The proposed software engineering methodology and data collection tools (i.e. questionnaires) are expected to have a significant impact for software engineers in academia and industry.
Social implications – It is reported repeatedly that data controllers face difficulties in complying with the GDPR. The study aims to offer mechanisms and tools that can assist organizations to comply with the GDPR, thus offering a significant boost toward the European personal data protection objectives.
Originality/value – This is the first paper, to the best of the authors' knowledge, to provide software requirements for a GDPR compliance platform, including multiple perspectives.
Citation
TSOHOU, A., MAGKOS, E., MOURATIDIS, H., CHRYSOLORAS, G., PIRAS, L., PAVLIDIS, M., DEBUSSCHE, J., ROTOLONI, M. and CRESPO, B. G.-N. 2020. Privacy, security, legal and technology acceptance elicited and consolidated requirements for a GDPR compliance platform. Information and computer security [online], 28(4), pages 531-553. Available from: https://doi.org/10.1108/ICS-01-2020-0002
Journal Article Type | Article |
---|---|
Acceptance Date | Mar 15, 2020 |
Online Publication Date | Apr 16, 2020 |
Publication Date | Oct 31, 2020 |
Deposit Date | Jan 18, 2021 |
Publicly Available Date | Jan 18, 2021 |
Journal | Information and computer security |
Print ISSN | 2056-4961 |
Electronic ISSN | 2056-497X |
Publisher | Emerald |
Peer Reviewed | Peer Reviewed |
Volume | 28 |
Issue | 4 |
Pages | 531-553 |
DOI | https://doi.org/10.1108/ICS-01-2020-0002 |
Keywords | GDPR; Compliance; Software requirements; Prioritisation |
Public URL | https://rgu-repository.worktribe.com/output/1003519 |
Files
TSOHOU 2020 Privacy, security, legal (AAM)
(756 Kb)
PDF