DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance

Luca Piras, Mohammed Ghazi Al-Obeidallah, Andrea Praitano, Aggeliki Tsohou, Haralambos Mouratidis, Beatriz Gallego-Nicasio Crespo, Jean Baptiste Bernard, Marco Fiorani, Emmanouil Magkos, Andrès Castillo Sanz, Michalis Pavlidis, Roberto D’Addario, Giuseppe Giovanni Zorzino

Research output: Chapter in Book/Conference proceeding with ISSN or ISBNConference contribution with ISSN or ISBNpeer-review

Abstract

The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changes concerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.

Original languageEnglish
Title of host publicationTrust, Privacy and Security in Digital Business - 16th International Conference, TrustBus 2019, Proceedings
EditorsStefanos Gritzalis, Edgar R. Weippl, Sokratis K. Katsikas, Gabriele Anderst-Kotsis, Ismail Khalil, A Min Tjoa
PublisherSpringer
Pages78-93
Number of pages16
ISBN (Print)9783030278120
DOIs
Publication statusPublished - 2 Aug 2019
Event16th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2019 - Linz, Austria
Duration: 26 Aug 201929 Aug 2019

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11711 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference16th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2019
Country/TerritoryAustria
CityLinz
Period26/08/1929/08/19

Keywords

  • Data protection
  • GDPR
  • Privacy by design
  • Privacy engineering
  • Security engineering

Fingerprint

Dive into the research topics of 'DEFeND Architecture: A Privacy by Design Platform for GDPR Compliance'. Together they form a unique fingerprint.

Cite this