Research Repository

A Data Scope Management Service to Support Privacy by Design and GDPR Compliance

Piras, Luca and Al-Obeidallah, Mohammed Ghazi and Pavlidis, Michalis and Mouratidis, Haralambos and Tsohou, Aggeliki and Magkos, Emmanouil and Praitano, Andrea (2021) 'A Data Scope Management Service to Support Privacy by Design and GDPR Compliance.' Journal of Data Intelligence, 2 (2). pp. 136-165. ISSN 2577-610X

[img]
Preview
Text
136_165.pdf - Published Version

Download (1MB) | Preview

Abstract

In order to empower user data protection and user rights, the European General Data Protection Regulation (GDPR) has been enforced. On the positive side, the user is obtaining advantages from GDPR. However, organisations are facing many difficulties in interpreting GDPR, and to properly applying it, and, in the meanwhile, due to their lack of compliance, many organisations are receiving huge fines from authorities. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing, in a coherent, linear and effective way, these activities, and a complete toolkit for supporting this. In this paper, we propose the design of such flow, and our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations for continuous GDPR compliance through model-based Privacy by Design analysis. Here, we present DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.

Item Type: Article
Uncontrolled Keywords: Privacy by Design; Privacy Engineering; Security Engineering; Data Protec- tion; GDPR; Data Scope Management; Privacy
Divisions: Faculty of Science and Health
Faculty of Science and Health > Computer Science and Electronic Engineering, School of
SWORD Depositor: Elements
Depositing User: Elements
Date Deposited: 17 Nov 2021 14:01
Last Modified: 15 Jan 2022 01:39
URI: http://repository.essex.ac.uk/id/eprint/31535

Actions (login required)

View Item View Item