Skip to main content

Research Repository

Advanced Search

DEFeND architecture: a privacy by design platform for GDPR compliance.

Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Praitano, Andrea; Tsohou, Aggeliki; Mouratidis, Haralambos; Gallego-Nicasio Crespo, Beatriz; Bernard, Jean Baptiste; Fiorani, Marco; Magkos, Emmanouil; Sanz, Andr�s Castillo; Pavlidis, Michalis; D�Addario, Roberto; Zorzino, Giuseppe Giovanni

Authors

Luca Piras

Mohammed Ghazi Al-Obeidallah

Andrea Praitano

Aggeliki Tsohou

Haralambos Mouratidis

Beatriz Gallego-Nicasio Crespo

Jean Baptiste Bernard

Marco Fiorani

Emmanouil Magkos

Andr�s Castillo Sanz

Michalis Pavlidis

Roberto D�Addario

Giuseppe Giovanni Zorzino



Contributors

Stefanos Gritzalis
Editor

Edgar R. Weippl
Editor

Sokratis K. Katsikas
Editor

Gabriele Anderst-Kotsis
Editor

A. Min Tjoa
Editor

Ismail Khalil
Editor

Abstract

The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changes concerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.

Citation

PIRAS, L., AL-OBEIDALLAH, M.G., PRAITANO, A., TSOHOU, A., MOURATIDIS, H., GALLEGO-NICASIO CRESPO, B., BERNARD, J.B., FIORANI, M., MAGKOS, E., SANZ, A.C., PAVLIDIS, M., D'ADDARIO, R. and ZORZINO, G.G. 2019. DEFeND architecture: a privacy by design platform for GDPR compliance. In Gritzalis, S., Weippl, E.R., Katsikas, S.K., Anderst-Kotsis, G., Tjoa, A.M. and Khalil, I. (eds.) Trust, privacy and security in digital business: 16th Trust, privacy and security in digital business international conference 2019 (TrustBus 2019), 26-29 August 2019, Linz, Austria. Lecture notes in computer science, 11711. Cham: Springer [online], pages 78-93. Available from: https://doi.org/10.1007/978-3-030-27813-7_6

Presentation Conference Type Conference Paper (published)
Conference Name 16th Trust, privacy and security in digital business international conference 2019 (TrustBus 2019)
Start Date Aug 26, 2019
End Date Aug 29, 2019
Acceptance Date May 23, 2019
Online Publication Date Aug 2, 2019
Publication Date Dec 31, 2019
Deposit Date Mar 1, 2021
Publicly Available Date Mar 1, 2021
Publisher Springer
Peer Reviewed Peer Reviewed
Pages 78-93
Series Title Lecture notes in computer science
Series Number 11711
Series ISSN 0302-9743
Book Title Trust, privacy and security in digital business: 16th Trust, privacy and security in digital business international conference 2019 (TrustBus 2019), 26-29 August 2019, Linz, Austria
ISBN 9783030278120
DOI https://doi.org/10.1007/978-3-030-27813-7_6
Keywords Privacy by design; Privacy engineering; Security engineering; Data protection; GDPR
Public URL https://rgu-repository.worktribe.com/output/1238901

Files




You might also like



Downloadable Citations