A Data Scope Management Service to Support Privacy by Design and GDPR Compliance

Luca Piras, Mohammad Al-Obeidallah, Michalis Pavlidis, Haris Mouratidis, Aggeliki Tsohou, Emmanouil Magkos, Andrea Praitano

    Research output: Contribution to journalArticlepeer-review


    In order to empower user data protection and user rights, the European General Data
    Protection Regulation (GDPR) has been enforced. On the positive side, the user is
    obtaining advantages from GDPR. However, organisations are facing many difficulties
    in interpreting GDPR, and to properly applying it, and, in the meanwhile, due to their
    lack of compliance, many organisations are receiving huge fines from authorities. An
    important challenge is compliance with the Privacy by Design and by default (PbD)
    principles, which require that data protection is integrated into processing activities
    and business practices from the design stage. Recently, the European Data Protection
    Board (EDPB) released an official document with PbD guidelines, and there are various
    efforts to provide approaches to support these. However, organizations are still facing
    difficulties in identifying a flow for executing, in a coherent, linear and effective way,
    these activities, and a complete toolkit for supporting this. In this paper, we propose the design of such flow, and our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations for
    continuous GDPR compliance through model-based Privacy by Design analysis. Here,
    we present DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.
    Original languageEnglish
    Pages (from-to)136-165
    Number of pages29
    JournalJournal of Data Intelligence
    Issue number2
    Publication statusPublished - 30 Jun 2021


    • Privacy by Design
    • Privacy Engineering
    • Security Engineering
    • Data Protection
    • GDPR
    • Data Scope Management
    • Privacy


    Dive into the research topics of 'A Data Scope Management Service to Support Privacy by Design and GDPR Compliance'. Together they form a unique fingerprint.

    Cite this