Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform

Aggeliki Tsohou, Emmanouil Magkos, Haris Mouratidis, George Chrysoloras, Luca Piras, Michalis Pavlidis, Julien Debussche, Marco Rotoloni, Beatriz Gallego-Nicasio Crespo

Research output: Chapter in Book/Conference proceeding with ISSN or ISBN › Conference contribution with ISSN or ISBN

Abstract

GDPR entered into force in May 2018 for enhancing user data protection. Even though GDPR leads towards a radical change with many advantages for the data subjects it turned out to be a significant challenge. Organizations need to make long and complex changes for the personal data processing activities to become GDPR compliant. Citizens as data subjects are empowered with new rights, which however they need to become aware of and understand. Finally, the role of data protection authorities changes as well as their expectations from organizations. GDPR compliance being a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of the Data govErnance For supportiNg gDpr (DEFeND) EU Project is to deliver such a platform. To succeed, the platform needs to satisfy legal and privacy requirements, be effective in supporting organizations in GDPR compliance, and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, we describe the process, within the DEFeND EU Project, for eliciting and analyzing requirements for such a complex platform, by involving stakeholders from the banking, energy, health and public administration sectors, and using advanced frameworks for privacy requirements and acceptance requirements. The paper also contributes by providing elicited privacy and acceptance requirements concerning a holistic platform for supporting GDPR compliance.
Original language: English
Title of host publication: 3rd International Workshop on Security and Privacy Requirements Engineering SECPRE 2019
Subtitle of host publication: In conjunction with ESORICS 2019
Publisher: Springer
Publication status: Published - 31 Oct 2019

Publication series

Name: Lecture Notes in Computer Science
Publisher: Springer
ISSN (Print): 0302-9743

Fingerprint

Data privacy
Public administration
Health
Controllers
Compliance

Cite this

Tsohou, A., Magkos, E., Mouratidis, H., Chrysoloras, G., Piras, L., Pavlidis, M., ... Gallego-Nicasio Crespo, B. (2019). Privacy, Security, Legal and Technology Acceptance Requirements for a GDPR Compliance Platform. In 3rd International Workshop on Security and Privacy Requirements Engineering SECPRE 2019: In conjunction with ESORICS 2019 (Lecture Notes in Computer Science). Springer.