DEFeND architecture: a privacy by design platform for GDPR compliance.

Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Praitano, Andrea; Tsohou, Aggeliki; Mouratidis, Haralambos; Gallego-Nicasio Crespo, Beatriz; Bernard, Jean Baptiste; Fiorani, Marco; Magkos, Emmanouil; Sanz, Andr�s Castillo; Pavlidis, Michalis; D�Addario, Roberto; Zorzino, Giuseppe Giovanni

doi:10.1007/978-3-030-27813-7_6

DEFeND architecture: a privacy by design platform for GDPR compliance.

Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Praitano, Andrea; Tsohou, Aggeliki; Mouratidis, Haralambos; Gallego-Nicasio Crespo, Beatriz; Bernard, Jean Baptiste; Fiorani, Marco; Magkos, Emmanouil; Sanz, Andr�s Castillo; Pavlidis, Michalis; D�Addario, Roberto; Zorzino, Giuseppe Giovanni

Authors

Luca Piras

Mohammed Ghazi Al-Obeidallah

Andrea Praitano

Aggeliki Tsohou

Haralambos Mouratidis

Beatriz Gallego-Nicasio Crespo

Jean Baptiste Bernard

Marco Fiorani

Emmanouil Magkos

Andr�s Castillo Sanz

Michalis Pavlidis

Roberto D�Addario

Giuseppe Giovanni Zorzino

Contributors

Stefanos Gritzalis
Editor

Edgar R. Weippl
Editor

Sokratis K. Katsikas
Editor

Gabriele Anderst-Kotsis
Editor

A. Min Tjoa
Editor

Ismail Khalil
Editor

Abstract

The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changes concerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.

Citation

PIRAS, L., AL-OBEIDALLAH, M.G., PRAITANO, A., TSOHOU, A., MOURATIDIS, H., GALLEGO-NICASIO CRESPO, B., BERNARD, J.B., FIORANI, M., MAGKOS, E., SANZ, A.C., PAVLIDIS, M., D'ADDARIO, R. and ZORZINO, G.G. 2019. DEFeND architecture: a privacy by design platform for GDPR compliance. In Gritzalis, S., Weippl, E.R., Katsikas, S.K., Anderst-Kotsis, G., Tjoa, A.M. and Khalil, I. (eds.) Trust, privacy and security in digital business: 16th Trust, privacy and security in digital business international conference 2019 (TrustBus 2019), 26-29 August 2019, Linz, Austria. Lecture notes in computer science, 11711. Cham: Springer [online], pages 78-93. Available from: https://doi.org/10.1007/978-3-030-27813-7_6

Conference Name	16th Trust, privacy and security in digital business international conference 2019 (TrustBus 2019)
Conference Location	Linz, Austria
Start Date	Aug 26, 2019
End Date	Aug 29, 2019
Acceptance Date	May 23, 2019
Online Publication Date	Aug 2, 2019
Publication Date	Dec 31, 2019
Deposit Date	Mar 1, 2021
Publicly Available Date	Mar 1, 2021
Publisher	Springer
Pages	78-93
Series Title	Lecture notes in computer science
Series Number	11711
Series ISSN	0302-9743
Book Title	Trust, privacy and security in digital business: 16th Trust, privacy and security in digital business international conference 2019 (TrustBus 2019), 26-29 August 2019, Linz, Austria
ISBN	9783030278120
DOI	https://doi.org/10.1007/978-3-030-27813-7_6
Keywords	Privacy by design; Privacy engineering; Security engineering; Data protection; GDPR
Public URL	https://rgu-repository.worktribe.com/output/1238901