Research Repository

Privacy, security, legal and technology acceptance requirements for a GDPR compliance platform.

Tsohou, Aggeliki; Magkos, Manos; Mouratidis, Haralambos; Chrysoloras, George; Piras, Luca; Pavlidis, Michalis; Debussche, Julien; Rotoloni, Marco; Gallego-Nicasio Crespo, Beatriz

Authors

Aggeliki Tsohou

Manos Magkos

Haralambos Mouratidis

George Chrysoloras

Michalis Pavlidis

Julien Debussche

Marco Rotoloni

Beatriz Gallego-Nicasio Crespo



Contributors

Sokratis Katsikas
Editor

Frédéric Cuppens
Editor

Nora Cuppens
Editor

Costas Lambrinoudakis
Editor

Christos Kalloniatis
Editor

John Mylopoulos
Editor

Annie Antón
Editor

Stefanos Gritzalis
Editor

Frank Pallas
Editor

Jörg Pohle
Editor

Angela Sasse
Editor

Weizhi Meng
Editor

Steven Furnell
Editor

Joaquin Garcia-Alfaro
Editor

Abstract

GDPR entered into force in May 2018 for enhancing user data protection. Even though GDPR leads towards a radical change with many advantages for the data subjects, it turned out to be a significant challenge. Organizations need to make long and complex changes for the personal data processing activities to become GDPR compliant. Citizens as data subjects are empowered with new rights, which, however, they need to become aware of and understand. Finally, the role of data protection authorities changes, as well as their expectations from organizations. GDPR compliance, being a challenging matter for the relevant stakeholders, calls for a software platform that can support their needs. The aim of the Data govErnance For supportiNg gDpr (DEFeND) EU Project is to deliver such a platform. To succeed, the platform needs to satisfy legal and privacy requirements, be effective in supporting organizations in GDPR compliance, and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, we describe the process, within the DEFeND EU Project, for eliciting and analyzing requirements for such a complex platform, by involving stakeholders from the banking, energy, health and public administration sectors, and using advanced frameworks for privacy requirements and acceptance requirements. The paper also contributes by providing elicited privacy and acceptance requirements concerning a holistic platform for supporting GDPR compliance.

Citation

TSOHOU, A., MAGKOS, M., MOURATIDIS, H., CHRYSOLORAS, G., PIRAS, L., PAVLIDIS, M., DEBUSSCHE, J., ROTOLONI, M. and GALLEGO-NICASIO CRESPO, B. 2019. Privacy, security, legal and technology acceptance requirements for a GDPR compliance platform. In Katsikas, S., Cuppens, F., Cuppens, N. et al. (eds.) Computer security: revised and selected papers of 24th European symposium on research in computer security international workshops 2019 (ESORICS 2019), co-located with 5th Security of industrial control systems and cyber-physical systems international workshops (CyberICPS 2019), 3rd Security and privacy requirements engineering international workshops (SECPRE 2019), 1st Security, privacy organizations and systems engineering international workshops (SPOSE 2019) and 2nd Attacks and defences for Internet-of-Things international workshops (ADIoT 2019), 26-27 September 2019, Luxembourg City, Luxembourg. Lecture notes in computer science, 11980. Cham: Springer [online], pages 204-223. Available from: https://doi.org/10.1007/978-3-030-42048-2_14

Conference Name 24th European symposium on research in computer security international workshops 2019 (ESORICS 2019), co-located with 5th Security of industrial control systems and cyber-physical systems international workshops (CyberICPS 2019), 3rd Security and privacy
Conference Location Luxembourg City, Luxembourg
Start Date Sep 26, 2019
End Date Sep 27, 2019
Acceptance Date Aug 9, 2019
Online Publication Date Feb 22, 2020
Publication Date Dec 31, 2020
Deposit Date Feb 22, 2021
Publicly Available Date Feb 22, 2021
Publisher Springer
Pages 204-223
Series Title Lecture notes in computer science
Series Number 11980
Series ISSN 0302-9743
Book Title Computer security: revised and selected papers of 24th European symposium on research in computer security international workshops 2019 (ESORICS 2019), co-located with 5th Security of industrial control systems and cyber-physical systems international wor
ISBN 9783030420475
DOI https://doi.org/10.1007/978-3-030-42048-2_14
Keywords GDPR; Compliance; Software requirements; Prioritisation
Public URL https://rgu-repository.worktribe.com/output/1003531
