Luca Piras
DEFeND architecture: a privacy by design platform for GDPR compliance.
Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Praitano, Andrea; Tsohou, Aggeliki; Mouratidis, Haralambos; Gallego-Nicasio Crespo, Beatriz; Bernard, Jean Baptiste; Fiorani, Marco; Magkos, Emmanouil; Sanz, Andrés Castillo; Pavlidis, Michalis; D'Addario, Roberto; Zorzino, Giuseppe Giovanni
Authors
Mohammed Ghazi Al-Obeidallah
Andrea Praitano
Aggeliki Tsohou
Haralambos Mouratidis
Beatriz Gallego-Nicasio Crespo
Jean Baptiste Bernard
Marco Fiorani
Emmanouil Magkos
Andrés Castillo Sanz
Michalis Pavlidis
Roberto D'Addario
Giuseppe Giovanni Zorzino
Contributors
Stefanos Gritzalis
Editor
Edgar R. Weippl
Editor
Sokratis K. Katsikas
Editor
Gabriele Anderst-Kotsis
Editor
A. Min Tjoa
Editor
Ismail Khalil
Editor
Abstract
The advent of the European General Data Protection Regulation (GDPR) requires organizations to cope with radical changes concerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management and processing, as well as data breach monitoring, notification and the preparation of prevention plans. This enforces the rights of data subjects (e.g., citizens, customers) by enabling them to have more information regarding the usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to precisely trace their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR was introduced, authorities have heavily sanctioned companies found not to be GDPR compliant. GDPR is also difficult to apply because of its length and complexity, because it covers many aspects, and because it does not provide details concerning the technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. In industry and in the literature, there are many tools and prototypes fulfilling specific or isolated GDPR aspects; however, there is no comprehensive platform able to support organizations in being compliant with all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.
Citation
PIRAS, L., AL-OBEIDALLAH, M.G., PRAITANO, A., TSOHOU, A., MOURATIDIS, H., GALLEGO-NICASIO CRESPO, B., BERNARD, J.B., FIORANI, M., MAGKOS, E., SANZ, A.C., PAVLIDIS, M., D'ADDARIO, R. and ZORZINO, G.G. 2019. DEFeND architecture: a privacy by design platform for GDPR compliance. In Gritzalis, S., Weippl, E.R., Katsikas, S.K., Anderst-Kotsis, G., Tjoa, A.M. and Khalil, I. (eds.) Trust, privacy and security in digital business: 16th Trust, privacy and security in digital business international conference 2019 (TrustBus 2019), 26-29 August 2019, Linz, Austria. Lecture notes in computer science, 11711. Cham: Springer [online], pages 78-93. Available from: https://doi.org/10.1007/978-3-030-27813-7_6
Presentation Conference Type | Conference Paper (published) |
---|---|
Conference Name | 16th Trust, privacy and security in digital business international conference 2019 (TrustBus 2019) |
Start Date | Aug 26, 2019 |
End Date | Aug 29, 2019 |
Acceptance Date | May 23, 2019 |
Online Publication Date | Aug 2, 2019 |
Publication Date | Dec 31, 2019 |
Deposit Date | Mar 1, 2021 |
Publicly Available Date | Mar 1, 2021 |
Publisher | Springer |
Peer Reviewed | Peer Reviewed |
Pages | 78-93 |
Series Title | Lecture notes in computer science |
Series Number | 11711 |
Series ISSN | 0302-9743 |
Book Title | Trust, privacy and security in digital business: 16th Trust, privacy and security in digital business international conference 2019 (TrustBus 2019), 26-29 August 2019, Linz, Austria |
ISBN | 9783030278120 |
DOI | https://doi.org/10.1007/978-3-030-27813-7_6 |
Keywords | Privacy by design; Privacy engineering; Security engineering; Data protection; GDPR |
Public URL | https://rgu-repository.worktribe.com/output/1238901 |
Files
PIRAS 2019 DEFeND architecture
(1.3 Mb)
PDF
Copyright Statement
This pre-copyedited version is made available under the Springer terms of reuse for AAMs: https://www.springer.com/gp/open-access/publication-policies/aam-terms-of-use