TY - GEN
T1 - Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform
AU - Tsohou, Aggeliki
AU - Magkos, Emmanouil
AU - Mouratidis, Haris
AU - Chrysoloras, George
AU - Piras, Luca
AU - Pavlidis, Michalis
AU - Debussche, Julien
AU - Rotoloni, Marco
AU - Gallego-Nicasio Crespo, Beatriz
PY - 2020/2/22
Y1 - 2020/2/22
N2 - GDPR entered into force in May 2018 for enhancing user data protection. Even though GDPR leads towards a radical change with many advantages for the data subjects, it turned out to be a significant challenge. Organizations need to make long and complex changes for the personal data processing activities to become GDPR compliant. Citizens as data subjects are empowered with new rights, which, however, they need to become aware of and understand. Finally, the role of data protection authorities changes as well as their expectations from organizations. GDPR compliance being a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of the Data govErnance For supportiNg gDpr (DEFeND) EU Project is to deliver such a platform. To succeed, the platform needs to satisfy legal and privacy requirements, be effective in supporting organizations in GDPR compliance, and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, we describe the process, within the DEFeND EU Project, for eliciting and analyzing requirements for such a complex platform, by involving stakeholders from the banking, energy, health and public administration sectors, and using advanced frameworks for privacy requirements and acceptance requirements. The paper also contributes by providing elicited privacy and acceptance requirements concerning a holistic platform for supporting GDPR compliance.
KW - Compliance
KW - GDPR
KW - Prioritisation
KW - Software requirements
UR - http://www.scopus.com/inward/record.url?scp=85081627768&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-42048-2_14
DO - 10.1007/978-3-030-42048-2_14
M3 - Conference contribution with ISSN or ISBN
SN - 9783030420475
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 204
EP - 223
BT - Computer Security - ESORICS 2019 International Workshops, CyberICPS, SECPRE, SPOSE, and ADIoT, Revised Selected Papers
A2 - Katsikas, Sokratis
A2 - Cuppens, Frédéric
A2 - Cuppens, Nora
A2 - Lambrinoudakis, Costas
A2 - Gritzalis, Stefanos
A2 - Kalloniatis, Christos
A2 - Mylopoulos, John
A2 - Antón, Annie
A2 - Pallas, Frank
A2 - Pohle, Jörg
A2 - Sasse, Angela
A2 - Meng, Weizhi
A2 - Furnell, Steven
A2 - Garcia-Alfaro, Joaquin
PB - Springer
CY - Cham
ER -