Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform

Aggeliki Tsohou; Emmanouil Magkos; Haris Mouratidis; George Chrysoloras; Luca Piras; Michalis Pavlidis; Julien Debussche; Marco Rotoloni; Beatriz Gallego-Nicasio Crespo

doi:10.1007/978-3-030-42048-2_14

Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform

Aggeliki Tsohou, Emmanouil Magkos, Haris Mouratidis, George Chrysoloras, Luca Piras, Michalis Pavlidis, Julien Debussche, Marco Rotoloni, Beatriz Gallego-Nicasio Crespo

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

Abstract

GDPR entered into force in May 2018 for enhancing user data protection. Even though GDPR leads towards a radical change with many advantages for the data subjects it turned out to be a significant challenge. Organizations need to make long and complex changes for the personal data processing activities to become GDPR compliant. Citizens as data subjects are empowered with new rights, which however they need to become aware of and understand. Finally, the role of data protection authorities changes as well as their expectations from organizations. GDPR compliance being a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of the Data govErnance For supportiNg gDpr (DEFeND) EU Project is to deliver such a platform. To succeed, the platform needs to satisfy legal and privacy requirements, be effective in supporting organizations in GDPR compliance, and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, we describe the process, within the DEFeND EU Project, for eliciting and analyzing requirements for such a complex platform, by involving stakeholders from the banking, energy, health and public administration sectors, and using advanced frameworks for privacy requirements and acceptance requirements. The paper also contributes by providing elicited privacy and acceptance requirements concerning a holistic platform for supporting GDPR compliance.

Original language	English
Title of host publication	Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers
Subtitle of host publication	In conjunction with ESORICS 2019
Editors	Sokratis Katsikas, Sokratis Katsikas, Frédéric Cuppens, Nora Cuppens, Costas Lambrinoudakis, Stefanos Gritzalis, Christos Kalloniatis, John Mylopoulos, Annie Antón, Frank Pallas, Jörg Pohle, Angela Sasse, Weizhi Meng, Steven Furnell, Joaquin Garcia-Alfaro
Place of Publication	Cham
Publisher	Springer
Pages	204-223
Number of pages	20
ISBN (Electronic)	9783030420482
ISBN (Print)	9783030420475
DOIs	https://doi.org/10.1007/978-3-030-42048-2_14
Publication status	Published - 22 Feb 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11980 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Keywords

Compliance
GDPR
Prioritisation
Software requirements

Access to Document

10.1007/978-3-030-42048-2_14

2019-08-30 SecPre 2019 CRVAccepted author manuscript, 784 KB

Cite this

Tsohou, A., Magkos, E., Mouratidis, H., Chrysoloras, G., Piras, L., Pavlidis, M., Debussche, J., Rotoloni, M., & Gallego-Nicasio Crespo, B. (2020). Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform. In S. Katsikas, S. Katsikas, F. Cuppens, N. Cuppens, C. Lambrinoudakis, S. Gritzalis, C. Kalloniatis, J. Mylopoulos, A. Antón, F. Pallas, J. Pohle, A. Sasse, W. Meng, S. Furnell, & J. Garcia-Alfaro (Eds.), Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers: In conjunction with ESORICS 2019 (pp. 204-223). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11980 LNCS). Springer. https://doi.org/10.1007/978-3-030-42048-2_14

Tsohou, Aggeliki ; Magkos, Emmanouil ; Mouratidis, Haris et al. / Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform. Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers: In conjunction with ESORICS 2019. editor / Sokratis Katsikas ; Sokratis Katsikas ; Frédéric Cuppens ; Nora Cuppens ; Costas Lambrinoudakis ; Stefanos Gritzalis ; Christos Kalloniatis ; John Mylopoulos ; Annie Antón ; Frank Pallas ; Jörg Pohle ; Angela Sasse ; Weizhi Meng ; Steven Furnell ; Joaquin Garcia-Alfaro. Cham : Springer, 2020. pp. 204-223 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{f2656ed646f64c85b9cbf931472fee46,

title = "Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform",

abstract = "GDPR entered into force in May 2018 for enhancing user data protection. Even though GDPR leads towards a radical change with many advantages for the data subjects it turned out to be a significant challenge. Organizations need to make long and complex changes for the personal data processing activities to become GDPR compliant. Citizens as data subjects are empowered with new rights, which however they need to become aware of and understand. Finally, the role of data protection authorities changes as well as their expectations from organizations. GDPR compliance being a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of the Data govErnance For supportiNg gDpr (DEFeND) EU Project is to deliver such a platform. To succeed, the platform needs to satisfy legal and privacy requirements, be effective in supporting organizations in GDPR compliance, and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, we describe the process, within the DEFeND EU Project, for eliciting and analyzing requirements for such a complex platform, by involving stakeholders from the banking, energy, health and public administration sectors, and using advanced frameworks for privacy requirements and acceptance requirements. The paper also contributes by providing elicited privacy and acceptance requirements concerning a holistic platform for supporting GDPR compliance.",

keywords = "Compliance, GDPR, Prioritisation, Software requirements",

author = "Aggeliki Tsohou and Emmanouil Magkos and Haris Mouratidis and George Chrysoloras and Luca Piras and Michalis Pavlidis and Julien Debussche and Marco Rotoloni and {Gallego-Nicasio Crespo}, Beatriz",

year = "2020",

month = feb,

day = "22",

doi = "10.1007/978-3-030-42048-2_14",

language = "English",

isbn = "9783030420475",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "204--223",

editor = "Sokratis Katsikas and Sokratis Katsikas and Fr{\'e}d{\'e}ric Cuppens and Nora Cuppens and Costas Lambrinoudakis and Stefanos Gritzalis and Christos Kalloniatis and John Mylopoulos and Annie Ant{\'o}n and Frank Pallas and J{\"o}rg Pohle and Angela Sasse and Weizhi Meng and Steven Furnell and Joaquin Garcia-Alfaro",

booktitle = "Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers",

}

Tsohou, A, Magkos, E, Mouratidis, H, Chrysoloras, G, Piras, L, Pavlidis, M, Debussche, J, Rotoloni, M & Gallego-Nicasio Crespo, B 2020, Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform. in S Katsikas, S Katsikas, F Cuppens, N Cuppens, C Lambrinoudakis, S Gritzalis, C Kalloniatis, J Mylopoulos, A Antón, F Pallas, J Pohle, A Sasse, W Meng, S Furnell & J Garcia-Alfaro (eds), Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers: In conjunction with ESORICS 2019. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11980 LNCS, Springer, Cham, pp. 204-223. https://doi.org/10.1007/978-3-030-42048-2_14

Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform. / Tsohou, Aggeliki; Magkos, Emmanouil; Mouratidis, Haris et al.
Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers: In conjunction with ESORICS 2019. ed. / Sokratis Katsikas; Sokratis Katsikas; Frédéric Cuppens; Nora Cuppens; Costas Lambrinoudakis; Stefanos Gritzalis; Christos Kalloniatis; John Mylopoulos; Annie Antón; Frank Pallas; Jörg Pohle; Angela Sasse; Weizhi Meng; Steven Furnell; Joaquin Garcia-Alfaro. Cham: Springer, 2020. p. 204-223 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11980 LNCS).

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN › peer-review

TY - GEN

T1 - Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform

AU - Tsohou, Aggeliki

AU - Magkos, Emmanouil

AU - Mouratidis, Haris

AU - Chrysoloras, George

AU - Piras, Luca

AU - Pavlidis, Michalis

AU - Debussche, Julien

AU - Rotoloni, Marco

AU - Gallego-Nicasio Crespo, Beatriz

PY - 2020/2/22

Y1 - 2020/2/22

N2 - GDPR entered into force in May 2018 for enhancing user data protection. Even though GDPR leads towards a radical change with many advantages for the data subjects it turned out to be a significant challenge. Organizations need to make long and complex changes for the personal data processing activities to become GDPR compliant. Citizens as data subjects are empowered with new rights, which however they need to become aware of and understand. Finally, the role of data protection authorities changes as well as their expectations from organizations. GDPR compliance being a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of the Data govErnance For supportiNg gDpr (DEFeND) EU Project is to deliver such a platform. To succeed, the platform needs to satisfy legal and privacy requirements, be effective in supporting organizations in GDPR compliance, and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, we describe the process, within the DEFeND EU Project, for eliciting and analyzing requirements for such a complex platform, by involving stakeholders from the banking, energy, health and public administration sectors, and using advanced frameworks for privacy requirements and acceptance requirements. The paper also contributes by providing elicited privacy and acceptance requirements concerning a holistic platform for supporting GDPR compliance.

AB - GDPR entered into force in May 2018 for enhancing user data protection. Even though GDPR leads towards a radical change with many advantages for the data subjects it turned out to be a significant challenge. Organizations need to make long and complex changes for the personal data processing activities to become GDPR compliant. Citizens as data subjects are empowered with new rights, which however they need to become aware of and understand. Finally, the role of data protection authorities changes as well as their expectations from organizations. GDPR compliance being a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of the Data govErnance For supportiNg gDpr (DEFeND) EU Project is to deliver such a platform. To succeed, the platform needs to satisfy legal and privacy requirements, be effective in supporting organizations in GDPR compliance, and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, we describe the process, within the DEFeND EU Project, for eliciting and analyzing requirements for such a complex platform, by involving stakeholders from the banking, energy, health and public administration sectors, and using advanced frameworks for privacy requirements and acceptance requirements. The paper also contributes by providing elicited privacy and acceptance requirements concerning a holistic platform for supporting GDPR compliance.

KW - Compliance

KW - GDPR

KW - Prioritisation

KW - Software requirements

UR - http://www.scopus.com/inward/record.url?scp=85081627768&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-42048-2_14

DO - 10.1007/978-3-030-42048-2_14

M3 - Conference contribution with ISSN or ISBN

SN - 9783030420475

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 204

EP - 223

BT - Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers

A2 - Katsikas, Sokratis

A2 - Cuppens, Frédéric

A2 - Cuppens, Nora

A2 - Lambrinoudakis, Costas

A2 - Gritzalis, Stefanos

A2 - Kalloniatis, Christos

A2 - Mylopoulos, John

A2 - Antón, Annie

A2 - Pallas, Frank

A2 - Pohle, Jörg

A2 - Sasse, Angela

A2 - Meng, Weizhi

A2 - Furnell, Steven

A2 - Garcia-Alfaro, Joaquin

PB - Springer

CY - Cham

ER -

Tsohou A, Magkos E, Mouratidis H, Chrysoloras G, Piras L, Pavlidis M et al. Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform. In Katsikas S, Katsikas S, Cuppens F, Cuppens N, Lambrinoudakis C, Gritzalis S, Kalloniatis C, Mylopoulos J, Antón A, Pallas F, Pohle J, Sasse A, Meng W, Furnell S, Garcia-Alfaro J, editors, Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers: In conjunction with ESORICS 2019. Cham: Springer. 2020. p. 204-223. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-42048-2_14

Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform

Abstract

Publication series

Keywords

Access to Document

Other files and links

Fingerprint

Michalis Pavlidis

Cite this

Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform

Abstract

Publication series

Keywords

Access to Document

Other files and links

Fingerprint

Profiles

Michalis Pavlidis

Cite this