DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems

Henriksen-Bulmer, Jane; Faily, Shamal; Jeary, Sherry

doi:10.3390/fi12050093

Cited by 13 publications

(7 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Some studies focus on the risk management approach of the GDPR, such as the development and use of the DPIA (Data Protection Impact Assessment) [82], [83], [84], [85], [86], [87], [88] and on vulnerabilities and threats in international transfers via electronic payment wallets [89].…”

Section: Challenges (C) and Enablers (E) Sr-t Authorsmentioning

confidence: 99%

Challenges and Enablers for GDPR Compliance: Systematic Literature Review and Future Research Directions

Zaguir,

de Magalhães,

de Mesquita Spinola

2024

IEEE Access

View full text Add to dashboard Cite

Compliance with the General Data Protection Regulation (GDPR) or related laws by organizations could require organizational and technological changes. This topic has gained significant attention from management and scholars alike. Although the literature presents some reviews and research articles discussing challenges and enablers for GDPR compliance, they are often scattered and fragmented. One particular challenge is the implementation roadmap gap that arises when using ISO-based standards for compliance in isolation. On the other hand, as enablers for compliance, it raises the potential use of information governance (IG) and enterprise architecture management (EAM) disciplines. This research aims to provide a systematic literature review of the challenges and enablers for GDPR compliance and address this gap. The findings include a categorized list of challenges and enablers, a strategy for bridging the roadmap gap using IG and EAM, and the development of five propositions based on some challenges and enablers around this gap. Moreover, the study proposes a research agenda that includes conceptual work to build an IG-EAM framework, empirical research to verify those propositions, and developing new hypotheses stemming from the review's challenges and enablers. These contributions could enhance both the body of knowledge and managerial privacy practices.

show abstract

Section: Challenges (C) and Enablers (E) Sr-t Authorsmentioning

confidence: 99%

Challenges and Enablers for GDPR Compliance: Systematic Literature Review and Future Research Directions

Zaguir,

de Magalhães,

de Mesquita Spinola

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Governance should cover overarching strategic decisions for all stages of the data lifecycle. For the Ideal-Cities project, the DPIA Data Wheel created in earlier work [54] was adopted at an early stage of the project, as the vehicle for conducting data protection impact assessments (DPIAs) as part of the privacy risk assessment framework to be used within the project. This framework had already been devised and proven applicable to different use cases and scenarios [4].…”

Section: -Dl:1-governancementioning

confidence: 99%

Privacy Goals for the Data Lifecycle

et al. 2022

View full text Add to dashboard Cite

The introduction of Data Protection by Default and Design (DPbDD) brought in as part of the General Data Protection Regulation (GDPR) in 2018, has necessitated that businesses review how best to incorporate privacy into their processes in a transparent manner, so as to build trust and improve decisions around privacy best practice. To address this issue, this paper presents a 7-stage data lifecycle, supported by nine privacy goals that together, will help practitioners manage data holdings throughout data lifecycle. The resulting data lifecycle (7-DL) was created as part of the Ideal-Cities project, a Horizon-2020 Smart-city initiative, that seeks to facilitate data re-use and/or repurposed. We evaluate 7-DL through peer review and an exemplar worked example that applies the data lifecycle to a real-time life logging fire incident scenario, one of the Ideal-Cities use cases to demonstrate the applicability of the framework.

show abstract

“…In addition, the work in [19] present a systematic privacy-related information security risk assessment (pISRA) model, which combines both a privacy impact analysis and a risk assessment. In [30], the authors present an empirically evaluated privacy risk assessment framework, the DPIA Data Wheel. This framework considers the contextual integrity that practitioners can use to take decision around the privacy risks of Cyber Physical Systems (CPS).…”

Section: Understanding the Differences Between Pias And The Gdpr's Dpiasmentioning

confidence: 99%

A Perfect Match: Converging and Automating Privacy and Security Impact Assessment On-the-Fly

et al. 2021

View full text Add to dashboard Cite

As the upsurge of information and communication technologies has become the foundation of all modern application domains, fueled by the unprecedented amount of data being processed and exchanged, besides security concerns, there are also pressing privacy considerations that come into play. Compounding this issue, there is currently a documented gap between the cybersecurity and privacy risk assessment (RA) avenues, which are treated as distinct management processes and capitalise on rather rigid and make-like approaches. In this paper, we aim to combine the best of both worlds by proposing the APSIA (Automated Privacy and Security Impact Assessment) methodology, which stands for Automated Privacy and Security Impact Assessment. APSIA is powered by the use of interdependency graph models and data processing flows used to create a digital reflection of the cyber-physical environment of an organisation. Along with this model, we present a novel and extensible privacy risk scoring system for quantifying the privacy impact triggered by the identified vulnerabilities of the ICT infrastructure of an organisation. We provide a prototype implementation and demonstrate its applicability and efficacy through a specific case study in the context of a heavily regulated sector (i.e., assistive healthcare domain) where strict security and privacy considerations are not only expected but mandated so as to better showcase the beneficial characteristics of APSIA. Our approach can complement any existing security-based RA tool and provide the means to conduct an enhanced, dynamic and generic assessment as an integral part of an iterative and unified risk assessment process on-the-fly. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that such holistic security and privacy mechanisms can reach their full potential towards solving this conundrum.

show abstract

DPIA in Context: Applying DPIA to Assess Privacy Risks of Cyber Physical Systems

Cited by 13 publications

References 31 publications

Challenges and Enablers for GDPR Compliance: Systematic Literature Review and Future Research Directions

Challenges and Enablers for GDPR Compliance: Systematic Literature Review and Future Research Directions

Privacy Goals for the Data Lifecycle

A Perfect Match: Converging and Automating Privacy and Security Impact Assessment On-the-Fly

Contact Info

Product

Resources

About