Privacy, security, legal and technology acceptance requirements for a GDPR compliance platform.
Tsohou, Aggeliki; Magkos, Manos; Mouratidis, Haralambos; Chrysoloras, George; Piras, Luca; Pavlidis, Michalis; Debussche, Julien; Rotoloni, Marco; Gallego-Nicasio Crespo, Beatriz
GDPR entered into force in May 2018 for enhancing user data protection. Even though GDPR leads towards a radical change with many advantages for the data subjects, it turned out to be a significant challenge. Organizations need to make long and complex changes for the personal data processing activities to become GDPR compliant. Citizens as data subjects are empowered with new rights, which, however, they need to become aware of and understand. Finally, the role of data protection authorities changes, as well as their expectations from organizations. GDPR compliance, being a challenging matter for the relevant stakeholders, calls for a software platform that can support their needs. The aim of the Data govErnance For supportiNg gDpr (DEFeND) EU Project is to deliver such a platform. To succeed, the platform needs to satisfy legal and privacy requirements, be effective in supporting organizations in GDPR compliance, and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, we describe the process, within the DEFeND EU Project, for eliciting and analyzing requirements for such a complex platform, by involving stakeholders from the banking, energy, health and public administration sectors, and using advanced frameworks for privacy requirements and acceptance requirements. The paper also contributes by providing elicited privacy and acceptance requirements concerning a holistic platform for supporting GDPR compliance.
TSOHOU, A., MAGKOS, M., MOURATIDIS, H., CHRYSOLORAS, G., PIRAS, L., PAVLIDIS, M., DEBUSSCHE, J., ROTOLONI, M. and GALLEGO-NICASIO CRESPO, B. 2019. Privacy, security, legal and technology acceptance requirements for a GDPR compliance platform. In Katsikas, S., Cuppens, F., Cuppens, N. et al. (eds.) Computer security: revised and selected papers of 24th European symposium on research in computer security international workshops 2019 (ESORICS 2019), co-located with 5th Security of industrial control systems and cyber-physical systems international workshops (CyberICPS 2019), 3rd Security and privacy requirements engineering international workshops (SECPRE 2019), 1st Security, privacy organizations and systems engineering international workshops (SPOSE 2019) and 2nd Attacks and defences for Internet-of-Things international workshops (ADIoT 2019), 26-27 September 2019, Luxembourg City, Luxembourg. Lecture notes in computer science, 11980. Cham: Springer [online], pages 204-223. Available from: https://doi.org/10.1007/978-3-030-42048-2_14
|Field|Value|
|---|---|
|Conference Name|24th European symposium on research in computer security international workshops 2019 (ESORICS 2019), co-located with 5th Security of industrial control systems and cyber-physical systems international workshops (CyberICPS 2019), 3rd Security and privacy|
|Conference Location|Luxembourg City, Luxembourg|
|Start Date|Sep 26, 2019|
|End Date|Sep 27, 2019|
|Acceptance Date|Aug 9, 2019|
|Online Publication Date|Feb 22, 2020|
|Publication Date|Dec 31, 2020|
|Deposit Date|Feb 22, 2021|
|Publicly Available Date|Feb 22, 2021|
|Series Title|Lecture notes in computer science|
|Book Title|Computer security: revised and selected papers of 24th European symposium on research in computer security international workshops 2019 (ESORICS 2019), co-located with 5th Security of industrial control systems and cyber-physical systems international wor|
|Keywords|GDPR; Compliance; Software requirements; Prioritisation|