Aggeliki Tsohou
Privacy, security, legal and technology acceptance requirements for a GDPR compliance platform.
Tsohou, Aggeliki; Magkos, Manos; Mouratidis, Haralambos; Chrysoloras, George; Piras, Luca; Pavlidis, Michalis; Debussche, Julien; Rotoloni, Marco; Gallego-Nicasio Crespo, Beatriz
Authors
Manos Magkos
Haralambos Mouratidis
George Chrysoloras
Luca Piras
Michalis Pavlidis
Julien Debussche
Marco Rotoloni
Beatriz Gallego-Nicasio Crespo
Contributors
Sokratis Katsikas
Editor
Fr�d�ric Cuppens
Editor
Nora Cuppens
Editor
Costas Lambrinoudakis
Editor
Christos Kalloniatis
Editor
John Mylopoulos
Editor
Annie Ant�n
Editor
Stefanos Gritzalis
Editor
Frank Pallas
Editor
J�rg Pohle
Editor
Angela Sasse
Editor
Weizhi Meng
Editor
Steven Furnell
Editor
Joaquin Garcia-Alfaro
Editor
Abstract
GDPR entered into force in May 2018 for enhancing user data protection. Even though GDPR leads towards a radical change with many advantages for the data subjects it turned out to be a significant challenge. Organizations need to make long and complex changes for the personal data processing activities to become GDPR compliant. Citizens as data subjects are empowered with new rights, which however they need to become aware of and understand. Finally, the role of data protection authorities changes as well as their expectations from organizations. GDPR compliance being a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of the Data govErnance For supportiNg gDpr (DEFeND) EU Project is to deliver such a platform. To succeed, the platform needs to satisfy legal and privacy requirements, be effective in supporting organizations in GDPR compliance, and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, we describe the process, within the DEFeND EU Project, for eliciting and analyzing requirements for such a complex platform, by involving stakeholders from the banking, energy, health and public administration sectors, and using advanced frameworks for privacy requirements and acceptance requirements. The paper also contributes by providing elicited privacy and acceptance requirements concerning a holistic platform for supporting GDPR compliance.
Citation
TSOHOU, A., MAGKOS, M., MOURATIDIS, H., CHRYSOLORAS, G., PIRAS, L., PAVLIDIS, M., DEBUSSCHE, J., ROTOLONI, M. and GALLEGO-NICASIO CRESPO, B. 2019. Privacy, security, legal and technology acceptance requirements for a GDPR compliance platform. In Katsikas, S., Cuppens, F., Cuppens, N. et.al (eds.) Computer security: revised and selected papers of 24th European symposium on research in computer security international workshops 2019 (ESORICS 2019), co-located with 5th Security of industrial control systems and cyber-physical systems international workshops (CyberICPS 2019), 3rd Security and privacy requirements engineering international workshops (SECPRE 2019), 1st Security, privacy organizations and systems engineering international workshops (SPOSE 2019) and 2nd Attacks and defences for Internet-of-Things international workshops (ADIoT 2019), 26-27 September 2019, Luxembourg City, Luxembourg. Lecture notes in computer science, 11980. Cham: Springer [online], pages 204- 223. Available from: https://doi.org/10.1007/978-3-030-42048-2_14
| Conference Name | 24th European symposium on research in computer security international workshops 2019 (ESORICS 2019), co-located with 5th Security of industrial control systems and cyber-physical systems international workshops (CyberICPS 2019), 3rd Security and privacy |
|---|---|
| Conference Location | Luxembourg City, Luxembourg |
| Start Date | Sep 26, 2019 |
| End Date | Sep 27, 2019 |
| Acceptance Date | Aug 9, 2019 |
| Online Publication Date | Feb 22, 2020 |
| Publication Date | Dec 31, 2020 |
| Deposit Date | Feb 22, 2021 |
| Publicly Available Date | Feb 22, 2021 |
| Publisher | Springer |
| Pages | 204-223 |
| Series Title | Lecture notes in computer science |
| Series Number | 11980 |
| Series ISSN | 0302-9743 |
| Book Title | Computer security: revised and selected papers of 24th European symposium on research in computer security international workshops 2019 (ESORICS 2019), co-located with 5th Security of industrial control systems and cyber-physical systems international wor |
| ISBN | 9783030420475 |
| DOI | https://doi.org/10.1007/978-3-030-42048-2_14 |
| Keywords | GDPR; Compliance; Software requirements; Prioritisation |
| Public URL | https://rgu-repository.worktribe.com/output/1003531 |
Files
TSOHOU 2019 Privacy security (CONFERENCE PAPER)
(922 Kb)
PDF
You might also like
DEFeND DSM: a data scope management service for model-based privacy by design GDPR compliance.
(2020)
Conference Proceeding
Design thinking and acceptance requirements for designing gamified software.
(2019)
Conference Proceeding
Downloadable Citations
About OpenAIR@RGU
Administrator e-mail: publications@rgu.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search