Privacy, security, legal and technology acceptance elicited and consolidated requirements for a GDPR compliance platform

Tsohou, Aggeliki; Magkos, Emmanouil; Mouratidis, Haralambos; Chrysoloras, George; Piras, Luca; Pavlidis, Michalis; Debussche, Julien; Rotoloni, Marco; Crespo, Beatriz Gallego-Nicasio

doi:10.1108/ics-01-2020-0002

Cited by 14 publications

(19 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The rest of the paper is organized as follows. Section 2 summarizes the requirements we elicited in previous works [16,17], and answers to RQ1 providing the activities and strategies for PbD we derived for the DSM flow and toolkit. Section 3 addresses RQ2 and describes the DSM flow, toolkit, data models, our case study and preliminary evaluation within DEFeND.…”

Section: Dsm: a Service For Model-based Privacy By Design Gdpr Complimentioning

confidence: 99%

“…As indicated above, an important aspect of our work was to identify a set of analysis and implementation activities related to PbD. in doing so, we employed a Human-Centered Design (HCD) approach [8], where questionnaires and interviews were used as the basic tool to capture the main stakeholders' requirements with regards to PbD and also to understand the main characteristics that an automated toolkit should possess to support PbD [16,17]. Our approach consisted of 3 main stages [16,17] describe in the next.…”

Section: Pbd Activities and Strategies For Gdpr Compliancementioning

confidence: 99%

“…1. DSM components, modules and DSM Data Models (green rectangles) [12,16,17] in DSM are the Data Assessment Model (DAM) and the Data Privacy Model (DPM). DAM is produced in the Data Assessment Component (DAC), then read in the Data Privacy Analysis Component (DPAC) that in turn produces the DPM model.…”

Section: Dsm Components Integrated Tools and Data Modelsmentioning

confidence: 99%

“…RQ1 is the main RQ that this paper tries to answer while RQ2 is a supportive question. To answer the first question we elicited information from Data Protection Officers (DPOs), experts and end-users [16,17] of organizations from different GDPR relevant sectors (e.g., banking, public administration, healthcare, energy). We analysed the outcome of these activities and derived a set of activities, strategies and factors that are important for the implementation of PbD.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Piras

Al-Obeidallah

Pavlidis

et al. 2020

Trust, Privacy and Security in Digital Business

Self Cite

View full text Add to dashboard Cite

The introduction of the European General Data Protection Regulation (GDPR) has brought significant benefits to citizens, but it has also created challenges for organisations, which are facing with difficulties interpreting it and properly applying it. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing, in a coherent, linear and effective way, these activities, and a complete toolkit for supporting this. In this paper, we: (i) identify the most important PbD activities and strategies, (ii) design a coherent, linear and effective flow for them, and (iii) describe our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Specifically, within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations for continuous GDPR compliance through Model-Based Privacy by Design analysis. Here, we present important PbD activities and strategies individuated, then describe DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.

show abstract

Section: Dsm: a Service For Model-based Privacy By Design Gdpr Complimentioning

confidence: 99%

Section: Pbd Activities and Strategies For Gdpr Compliancementioning

confidence: 99%

Section: Dsm Components Integrated Tools and Data Modelsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Piras

Al-Obeidallah

Pavlidis

et al. 2020

Trust, Privacy and Security in Digital Business

Self Cite

View full text Add to dashboard Cite

show abstract

“…Moreover, new classes of requirements are becoming even more important for the entire cycle of Software Engineering (SE), since they guide the entire process in a strategic way from the very early stages of the analysis of any software system. For instance, this is especially true for privacy and security requirements, where poorly conducted analysis often leads to poor designed software systems, causing unlawful exploitation of personal data with damages to citizens, and heavy GDPR fines for large corporations [10,14,16]. This is often the case because software designers deal with privacy and security in an informal and unsystematic way, even though tool-supported methods are available [4,8,9,16].…”

Section: Introductionmentioning

confidence: 99%

Applying Acceptance Requirements to Requirements Modeling Tools via Gamification: A Case Study on Privacy and Security

Piras

Calabrese

Giorgini

2020

Lecture Notes in Business Information Processing

Self Cite

View full text Add to dashboard Cite

Requirements elicitation, analysis and modeling are critical activities for software success. However, software systems are increasingly complex, harder to develop due to an ever-growing number of requirements from numerous and heterogeneous stakeholders, concerning dozens of requirements types, from functional to qualitative, including adaptation, security and privacy, ethical, acceptance and more. In such settings, requirements engineers need support concerning such increasingly complex activities, and Requirements Engineering (RE) modeling tools have been developed for this. However, such tools, although effective, are complex, time-consuming and requiring steep learning curves. The consequent lack of acceptance and abandonment in using such tools, by engineers, paves the way to the application of RE techniques in a more error-prone, low-quality way, increasing the possibility to have failures in software systems delivered. In this paper, we identify main areas of lack of acceptance, affecting RE engineers, for such tools, and propose an approach for making modeling tools more effective in engaging the engineer in performing RE in a tool-based way, receiving adequate feedback and staying motivated to use modeling tools. This is accomplished by performing acceptance requirements analysis (through the Agon Framework) and using gamification to increase the engagement of engineers during the usage of RE modeling tools. Towards this end, we performed a case study, within the VisiOn European Project, for enhancing a tool for modeling privacy and security requirements. Our case study provides preliminary evidence that our approach supports in making RE modeling tools more engaging from the engineer perspective.

show abstract

A Framework for Investigating GDPR Compliance Through the Lens of Security

Marotta¹,

Madnick²

2021

Mobile Web and Intelligent Information Systems

View full text Add to dashboard Cite

Privacy, security, legal and technology acceptance elicited and consolidated requirements for a GDPR compliance platform

Cited by 14 publications

References 22 publications

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

DEFeND DSM: A Data Scope Management Service for Model-Based Privacy by Design GDPR Compliance

Applying Acceptance Requirements to Requirements Modeling Tools via Gamification: A Case Study on Privacy and Security

A Framework for Investigating GDPR Compliance Through the Lens of Security

Contact Info

Product

Resources

About