DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Luca Piras; Mohammed Ghazi Al-Obeidallah; Michalis Pavlidis; Haralambos Mouratidis; Aggeliki Tsohou; Emmanouil Magkos; Andrea Praitano; Annarita Iodice; Beatriz Gallego Nicasio Crespo

doi:10.1007/978-3-030-58986-8_13

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Luca Piras, Mohammed Ghazi Al-Obeidallah, Michalis Pavlidis, Haralambos Mouratidis, Aggeliki Tsohou, Emmanouil Magkos, Andrea Praitano, Annarita Iodice, Beatriz Gallego Nicasio Crespo

Centre for Secure, Intelligent and Usable Systems

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

Abstract

The introduction of the European General Data Protection Regulation (GDPR) has brought significant benefits to citizens, but it has also created challenges for organisations, which are facing with difficulties interpreting it and properly applying it. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing, in a coherent, linear and effective way, these activities, and a complete toolkit for supporting this. In this paper, we: (i) identify the most important PbD activities and strategies, (ii) design a coherent, linear and effective flow for them, and (iii) describe our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Specifically, within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations for continuous GDPR compliance through Model-Based Privacy by Design analysis. Here, we present important PbD activities and strategies individuated, then describe DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.

Original language	English
Title of host publication	Trust, Privacy and Security in Digital Business - 17th International Conference, TrustBus 2020, Proceedings
Editors	Stefanos Gritzalis, Edgar R. Weippl, Gabriele Kotsis, Ismail Khalil, A Min Tjoa
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	186-201
Number of pages	16
ISBN (Print)	9783030589851
DOIs	https://doi.org/10.1007/978-3-030-58986-8_13
Publication status	Published - 14 Sep 2020
Event	17th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2020 - Bratislava, Slovakia Duration: 14 Sep 2020 → 17 Sep 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12395 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	17th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2020
Country/Territory	Slovakia
City	Bratislava
Period	14/09/20 → 17/09/20

Bibliographical note

The final authenticated version is available online at https://doi.org/10.1007/978-3-030-58986-8_13

Keywords

Data protection
Data Scope Management
GDPR
Privacy
Privacy by Design
Privacy engineering
Security engineering

Access to Document

10.1007/978-3-030-58986-8_13

TrustBus_20_DEFeND_DSMAccepted author manuscript, 741 KB

Cite this

Piras, L., Al-Obeidallah, M. G., Pavlidis, M., Mouratidis, H., Tsohou, A., Magkos, E., Praitano, A., Iodice, A., & Crespo, B. G. N. (2020). DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance. In S. Gritzalis, E. R. Weippl, G. Kotsis, I. Khalil, & A. M. Tjoa (Eds.), Trust, Privacy and Security in Digital Business - 17th International Conference, TrustBus 2020, Proceedings (pp. 186-201). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12395 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-030-58986-8_13

Piras, Luca ; Al-Obeidallah, Mohammed Ghazi ; Pavlidis, Michalis et al. / DEFeND DSM : A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance. Trust, Privacy and Security in Digital Business - 17th International Conference, TrustBus 2020, Proceedings. editor / Stefanos Gritzalis ; Edgar R. Weippl ; Gabriele Kotsis ; Ismail Khalil ; A Min Tjoa. Springer Science and Business Media Deutschland GmbH, 2020. pp. 186-201 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{fcf6312659034e39882203f44cb9cebc,

title = "DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance",

abstract = "The introduction of the European General Data Protection Regulation (GDPR) has brought significant benefits to citizens, but it has also created challenges for organisations, which are facing with difficulties interpreting it and properly applying it. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing, in a coherent, linear and effective way, these activities, and a complete toolkit for supporting this. In this paper, we: (i) identify the most important PbD activities and strategies, (ii) design a coherent, linear and effective flow for them, and (iii) describe our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Specifically, within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations for continuous GDPR compliance through Model-Based Privacy by Design analysis. Here, we present important PbD activities and strategies individuated, then describe DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.",

keywords = "Data protection, Data Scope Management, GDPR, Privacy, Privacy by Design, Privacy engineering, Security engineering",

author = "Luca Piras and Al-Obeidallah, {Mohammed Ghazi} and Michalis Pavlidis and Haralambos Mouratidis and Aggeliki Tsohou and Emmanouil Magkos and Andrea Praitano and Annarita Iodice and Crespo, {Beatriz Gallego Nicasio}",

note = "The final authenticated version is available online at https://doi.org/10.1007/978-3-030-58986-8_13; 17th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2020 ; Conference date: 14-09-2020 Through 17-09-2020",

year = "2020",

month = sep,

day = "14",

doi = "10.1007/978-3-030-58986-8_13",

language = "English",

isbn = "9783030589851",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "186--201",

editor = "Stefanos Gritzalis and Weippl, {Edgar R.} and Gabriele Kotsis and Ismail Khalil and Tjoa, {A Min}",

booktitle = "Trust, Privacy and Security in Digital Business - 17th International Conference, TrustBus 2020, Proceedings",

}

Piras, L, Al-Obeidallah, MG, Pavlidis, M, Mouratidis, H, Tsohou, A, Magkos, E, Praitano, A, Iodice, A & Crespo, BGN 2020, DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance. in S Gritzalis, ER Weippl, G Kotsis, I Khalil & AM Tjoa (eds), Trust, Privacy and Security in Digital Business - 17th International Conference, TrustBus 2020, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12395 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 186-201, 17th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2020, Bratislava, Slovakia, 14/09/20. https://doi.org/10.1007/978-3-030-58986-8_13

DEFeND DSM : A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance. / Piras, Luca; Al-Obeidallah, Mohammed Ghazi; Pavlidis, Michalis et al.

Trust, Privacy and Security in Digital Business - 17th International Conference, TrustBus 2020, Proceedings. ed. / Stefanos Gritzalis; Edgar R. Weippl; Gabriele Kotsis; Ismail Khalil; A Min Tjoa. Springer Science and Business Media Deutschland GmbH, 2020. p. 186-201 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12395 LNCS).

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

TY - GEN

T1 - DEFeND DSM

T2 - 17th International Conference on Trust, Privacy and Security in Digital Business, TrustBus 2020

AU - Piras, Luca

AU - Al-Obeidallah, Mohammed Ghazi

AU - Pavlidis, Michalis

AU - Mouratidis, Haralambos

AU - Tsohou, Aggeliki

AU - Magkos, Emmanouil

AU - Praitano, Andrea

AU - Iodice, Annarita

AU - Crespo, Beatriz Gallego Nicasio

N1 - The final authenticated version is available online at https://doi.org/10.1007/978-3-030-58986-8_13

PY - 2020/9/14

Y1 - 2020/9/14

N2 - The introduction of the European General Data Protection Regulation (GDPR) has brought significant benefits to citizens, but it has also created challenges for organisations, which are facing with difficulties interpreting it and properly applying it. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing, in a coherent, linear and effective way, these activities, and a complete toolkit for supporting this. In this paper, we: (i) identify the most important PbD activities and strategies, (ii) design a coherent, linear and effective flow for them, and (iii) describe our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Specifically, within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations for continuous GDPR compliance through Model-Based Privacy by Design analysis. Here, we present important PbD activities and strategies individuated, then describe DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.

AB - The introduction of the European General Data Protection Regulation (GDPR) has brought significant benefits to citizens, but it has also created challenges for organisations, which are facing with difficulties interpreting it and properly applying it. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing, in a coherent, linear and effective way, these activities, and a complete toolkit for supporting this. In this paper, we: (i) identify the most important PbD activities and strategies, (ii) design a coherent, linear and effective flow for them, and (iii) describe our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Specifically, within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations for continuous GDPR compliance through Model-Based Privacy by Design analysis. Here, we present important PbD activities and strategies individuated, then describe DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.

KW - Data protection

KW - Data Scope Management

KW - GDPR

KW - Privacy

KW - Privacy by Design

KW - Privacy engineering

KW - Security engineering

UR - http://www.scopus.com/inward/record.url?scp=85091599482&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-58986-8_13

DO - 10.1007/978-3-030-58986-8_13

M3 - Conference contribution with ISSN or ISBN

AN - SCOPUS:85091599482

SN - 9783030589851

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 186

EP - 201

BT - Trust, Privacy and Security in Digital Business - 17th International Conference, TrustBus 2020, Proceedings

A2 - Gritzalis, Stefanos

A2 - Weippl, Edgar R.

A2 - Kotsis, Gabriele

A2 - Khalil, Ismail

A2 - Tjoa, A Min

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 14 September 2020 through 17 September 2020

ER -

Piras L, Al-Obeidallah MG, Pavlidis M, Mouratidis H, Tsohou A, Magkos E et al. DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance. In Gritzalis S, Weippl ER, Kotsis G, Khalil I, Tjoa AM, editors, Trust, Privacy and Security in Digital Business - 17th International Conference, TrustBus 2020, Proceedings. Springer Science and Business Media Deutschland GmbH. 2020. p. 186-201. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-030-58986-8_13

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Michalis Pavlidis

Cite this

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Profiles

Michalis Pavlidis

Cite this