DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance

Luca Piras; Mohammed Ghazi Al-Obeidallah; Andrea Praitano; Aggeliki Tsohou; Haralambos Mouratidis; Beatriz Gallego-Nicasio Crespo; Jean Baptiste Bernard; Marco Fiorani; Emmanouil Magkos; Andrès Castillo Sanz; Michalis Pavlidis; Roberto D’Addario; Giuseppe Giovanni Zorzino

doi:10.1007/978-3-030-27813-7_6

DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance

Luca Piras, Mohammed Ghazi Al-Obeidallah, Andrea Praitano, Aggeliki Tsohou, Haralambos Mouratidis, Beatriz Gallego-Nicasio Crespo, Jean Baptiste Bernard, Marco Fiorani, Emmanouil Magkos, Andrès Castillo Sanz, Michalis Pavlidis, Roberto D’Addario, Giuseppe Giovanni Zorzino

University of Brighton

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

Abstract

The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changes concerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.

Original language	English
Title of host publication	Trust, Privacy and Security in Digital Business - 16th International Conference, TrustBus 2019, Proceedings
Editors	Stefanos Gritzalis, Edgar R. Weippl, Sokratis K. Katsikas, Gabriele Anderst-Kotsis, Ismail Khalil, A Min Tjoa
Publisher	Springer
Pages	78-93
Number of pages	16
ISBN (Print)	9783030278120
DOIs	https://doi.org/10.1007/978-3-030-27813-7_6
Publication status	Published - 2 Aug 2019
Event	16th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2019 - Linz, Austria Duration: 26 Aug 2019 → 29 Aug 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11711 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	16th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2019
Country/Territory	Austria
City	Linz
Period	26/08/19 → 29/08/19

Keywords

Data protection
GDPR
Privacy by design
Privacy engineering
Security engineering

Access to Document

10.1007/978-3-030-27813-7_6

TrustBus 2019 CRVAccepted author manuscript, 1.13 MB

Cite this

Piras, L., Al-Obeidallah, M. G., Praitano, A., Tsohou, A., Mouratidis, H., Gallego-Nicasio Crespo, B., Bernard, J. B., Fiorani, M., Magkos, E., Sanz, A. C., Pavlidis, M., D’Addario, R., & Zorzino, G. G. (2019). DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance. In S. Gritzalis, E. R. Weippl, S. K. Katsikas, G. Anderst-Kotsis, I. Khalil, & A. M. Tjoa (Eds.), Trust, Privacy and Security in Digital Business - 16th International Conference, TrustBus 2019, Proceedings (pp. 78-93). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11711 LNCS). Springer. https://doi.org/10.1007/978-3-030-27813-7_6

Piras, Luca ; Al-Obeidallah, Mohammed Ghazi ; Praitano, Andrea et al. / DEFeND Architecture : A Privacy by Design Platform for GDPR Compliance. Trust, Privacy and Security in Digital Business - 16th International Conference, TrustBus 2019, Proceedings. editor / Stefanos Gritzalis ; Edgar R. Weippl ; Sokratis K. Katsikas ; Gabriele Anderst-Kotsis ; Ismail Khalil ; A Min Tjoa. Springer, 2019. pp. 78-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{9c499c1d44544e589a7ad3ef9c8b18fa,

title = "DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance",

abstract = "The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changes concerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.",

keywords = "Data protection, GDPR, Privacy by design, Privacy engineering, Security engineering",

author = "Luca Piras and Al-Obeidallah, {Mohammed Ghazi} and Andrea Praitano and Aggeliki Tsohou and Haralambos Mouratidis and {Gallego-Nicasio Crespo}, Beatriz and Bernard, {Jean Baptiste} and Marco Fiorani and Emmanouil Magkos and Sanz, {Andr{\`e}s Castillo} and Michalis Pavlidis and Roberto D{\textquoteright}Addario and Zorzino, {Giuseppe Giovanni}",

year = "2019",

month = aug,

day = "2",

doi = "10.1007/978-3-030-27813-7_6",

language = "English",

isbn = "9783030278120",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "78--93",

editor = "Stefanos Gritzalis and Weippl, {Edgar R.} and Katsikas, {Sokratis K.} and Gabriele Anderst-Kotsis and Ismail Khalil and Tjoa, {A Min}",

booktitle = "Trust, Privacy and Security in Digital Business - 16th International Conference, TrustBus 2019, Proceedings",

note = "16th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2019 ; Conference date: 26-08-2019 Through 29-08-2019",

}

Piras, L, Al-Obeidallah, MG, Praitano, A, Tsohou, A, Mouratidis, H, Gallego-Nicasio Crespo, B, Bernard, JB, Fiorani, M, Magkos, E, Sanz, AC, Pavlidis, M, D’Addario, R & Zorzino, GG 2019, DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance. in S Gritzalis, ER Weippl, SK Katsikas, G Anderst-Kotsis, I Khalil & AM Tjoa (eds), Trust, Privacy and Security in Digital Business - 16th International Conference, TrustBus 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11711 LNCS, Springer, pp. 78-93, 16th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2019, Linz, Austria, 26/08/19. https://doi.org/10.1007/978-3-030-27813-7_6

DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance. / Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Praitano, Andrea et al.
Trust, Privacy and Security in Digital Business - 16th International Conference, TrustBus 2019, Proceedings. ed. / Stefanos Gritzalis; Edgar R. Weippl; Sokratis K. Katsikas; Gabriele Anderst-Kotsis; Ismail Khalil; A Min Tjoa. Springer, 2019. p. 78-93 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11711 LNCS).

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

TY - GEN

T1 - DEFeND Architecture

T2 - 16th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2019

AU - Piras, Luca

AU - Al-Obeidallah, Mohammed Ghazi

AU - Praitano, Andrea

AU - Tsohou, Aggeliki

AU - Mouratidis, Haralambos

AU - Gallego-Nicasio Crespo, Beatriz

AU - Bernard, Jean Baptiste

AU - Fiorani, Marco

AU - Magkos, Emmanouil

AU - Sanz, Andrès Castillo

AU - Pavlidis, Michalis

AU - D’Addario, Roberto

AU - Zorzino, Giuseppe Giovanni

PY - 2019/8/2

Y1 - 2019/8/2

N2 - The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changes concerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.

AB - The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changes concerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.

KW - Data protection

KW - GDPR

KW - Privacy by design

KW - Privacy engineering

KW - Security engineering

UR - http://www.scopus.com/inward/record.url?scp=85077124379&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-27813-7_6

DO - 10.1007/978-3-030-27813-7_6

M3 - Conference contribution with ISSN or ISBN

AN - SCOPUS:85077124379

SN - 9783030278120

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 78

EP - 93

BT - Trust, Privacy and Security in Digital Business - 16th International Conference, TrustBus 2019, Proceedings

A2 - Gritzalis, Stefanos

A2 - Weippl, Edgar R.

A2 - Katsikas, Sokratis K.

A2 - Anderst-Kotsis, Gabriele

A2 - Khalil, Ismail

A2 - Tjoa, A Min

PB - Springer

Y2 - 26 August 2019 through 29 August 2019

ER -

Piras L, Al-Obeidallah MG, Praitano A, Tsohou A, Mouratidis H, Gallego-Nicasio Crespo B et al. DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance. In Gritzalis S, Weippl ER, Katsikas SK, Anderst-Kotsis G, Khalil I, Tjoa AM, editors, Trust, Privacy and Security in Digital Business - 16th International Conference, TrustBus 2019, Proceedings. Springer. 2019. p. 78-93. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-27813-7_6

DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Michalis Pavlidis

Cite this

DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Profiles

Michalis Pavlidis

Cite this