Abstract
The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changes concerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.
Original language | English |
---|---|
Title of host publication | Trust, Privacy and Security in Digital Business - 16th International Conference, TrustBus 2019, Proceedings |
Editors | Stefanos Gritzalis, Edgar R. Weippl, Sokratis K. Katsikas, Gabriele Anderst-Kotsis, Ismail Khalil, A Min Tjoa |
Publisher | Springer |
Pages | 78-93 |
Number of pages | 16 |
ISBN (Print) | 9783030278120 |
DOIs | |
Publication status | Published - 2 Aug 2019 |
Event | 16th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2019 - Linz, Austria Duration: 26 Aug 2019 → 29 Aug 2019 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 11711 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 16th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2019 |
---|---|
Country/Territory | Austria |
City | Linz |
Period | 26/08/19 → 29/08/19 |
Keywords
- Data protection
- GDPR
- Privacy by design
- Privacy engineering
- Security engineering
Fingerprint
Dive into the research topics of 'DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance'. Together they form a unique fingerprint.Profiles
-
Michalis Pavlidis
- School of Arch, Tech and Eng - Principal Lecturer
- Computing and Mathematical Sciences Research Excellence Group
Person: Academic