The Grace Period Has Ended: An Approach to Operationalize GDPR Requirements

Ayala-Rivera, Vanessa; Pasquale, Liliana

doi:10.1109/re.2018.00023

Cited by 60 publications

(87 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Considering the context of data privacy, several models were proposed with principles similar to LGPD, among them ISO/IEC 29100-Information technology-Security techniques-Privacy framework [20] and the General Data Protection Regulation (GDPR) [19,31]. GDPR entered into force in the European Union (EU) on 25 May 2018, through the Regulation EU 2016/679 [19].…”

Section: Brazilian General Data Protection Law (Lgpd)mentioning

confidence: 99%

“…According to DataGuidance by OneTrust [19], LGPD and GPDR have many similarities with a few disagreements regarding the processing of individuals' personal data. Table 1 presents a macro comparison between the principles, rights, legal bases of the LGPD model [18], and GDPR [19,31].…”

Section: Brazilian General Data Protection Law (Lgpd)mentioning

confidence: 99%

“…It must be highlighted that ISO/IEC 29100 [20] has 12 principles and most part of these principles are similar to GDPR [19,31] and LGPD principles [18], other principles are referred as "individual rights" or "legal bases". For example, Consent and Choice is a principle in ISO/IEC 29100 [20]; however, it is considered a legal basis/individual right in LGPD and GDPR.…”

Section: Brazilian General Data Protection Law (Lgpd)mentioning

confidence: 99%

“…E15 The challenges of privacy by design [21] E16 Comparing Privacy Requirements Engineering Approaches [26] E17 Addressing privacy requirements in system design: the PriS method [6] E18 Incorporating privacy in the design of cloud-based systems: a conceptual meta-model [1] E19 The Grace Period Has Ended: An Approach to Operationalize GDPR Requirements [31] E20 Security and Privacy Requirements Analysis within a Social Setting [9] E21 Model Based Process to Support Security and Privacy Requirements Engineering [7] E22 A framework for modeling privacy requirements in role engineering [4] E23 Privacy and security requirements framework for the internet of things (IoT) [41] E24 A taxonomy of security and privacy requirements for the Internet of Things (IoT) [42] E25 E36 Designing privacy-aware internet of things applications [54] In order to answer questions RQ.2, RQ.3, and RQ.4, we held an online survey with practitioners of ICT from some organizations in which we focused our study. We asked 27 closed-ended questions mainly using a Likert scale [55] and 03 open-ended questions.…”

Section: Id Title Referencementioning

confidence: 99%

See 3 more Smart Citations

Perceptions of ICT Practitioners Regarding Software Privacy

Canedo

Calazans

Masson

et al. 2020

Entropy

View full text Add to dashboard Cite

During software development activities, it is important for Information and Communication Technology (ICT) practitioners to know and understand practices and guidelines regarding information privacy, as software requirements must comply with data privacy laws and members of development teams should know current legislation related to the protection of personal data. In order to gain a better understanding on how industry ICT practitioners perceive the practical relevance of software privacy and privacy requirements and how these professionals are implementing data privacy concepts, we conducted a survey with ICT practitioners from software development organizations to get an overview of how these professionals are implementing data privacy concepts during software design. We performed a systematic literature review to identify related works with software privacy and privacy requirements and what methodologies and techniques are used to specify them. In addition, we conducted a survey with ICT practitioners from different organizations. Findings revealed that ICT practitioners lack a comprehensive knowledge of software privacy and privacy requirements and the Brazilian General Data Protection Law (Lei Geral de Proteção de Dados Pessoais, LGPD, in Portuguese), nor they are able to work with the laws and guidelines governing data privacy. Organizations are demanded to define an approach to contextualize ICT practitioners with the importance of knowledge of software privacy and privacy requirements, as well as to address them during software development, since LGPD must change the way teams work, as a number of features and controls regarding consent, documentation, and privacy accountability will be required.

show abstract

Section: Brazilian General Data Protection Law (Lgpd)mentioning

confidence: 99%

Section: Brazilian General Data Protection Law (Lgpd)mentioning

confidence: 99%

Section: Brazilian General Data Protection Law (Lgpd)mentioning

confidence: 99%

Section: Id Title Referencementioning

confidence: 99%

See 2 more Smart Citations

Perceptions of ICT Practitioners Regarding Software Privacy

Canedo

Calazans

Masson

et al. 2020

Entropy

View full text Add to dashboard Cite

show abstract

“…Fourth, requirements should be traceable through a whole software development life cycle [3], and even through a whole software life cycle, from the first working release to the eventual deprecation. Insofar as practical software engineering is considered, this traceability mandate is particularly interesting.…”

Section: B Limitations and Challengesmentioning

confidence: 99%

The General Data Protection Regulation: Requirements, Architectures, and Constraints

Hjerppe¹,

Ruohonen

Leppänen

2019

2019 IEEE 27th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

The General Data Protection Regulation (GDPR) in the European Union is the most famous recently enacted privacy regulation. Despite of the regulation's legal, political, and technological ramifications, relatively little research has been carried out for better understanding the GDPR's practical implications for requirements engineering and software architectures. Building on a grounded theory approach with close ties to the Finnish software industry, this paper contributes to the sealing of this gap in previous research. Three questions are asked and answered in the context of software development organizations. First, the paper elaborates nine practical constraints under which many small and medium-sized enterprises (SMEs) often operate when implementing solutions that address the new regulatory demands. Second, the paper elicits nine regulatory requirements from the GDPR for software architectures. Third, the paper presents an implementation for a software architecture that complies both with the requirements elicited and the constraints elaborated.

show abstract

Using an Enterprise Architecture Model for GDPR Compliance Principles

Blanco-Lainé¹,

Sottet²,

Dupuy-Chessa³

2019

Lecture Notes in Business Information Processing

View full text Add to dashboard Cite

Nowadays, all enterprises must take into account the legal frameworks at all levels of their organization. Over the past two years, the focus has been on the GDPR. This regulation on data and their processing activities impacts on the vision of the enterprise information system. In order to identify these impacts, it is necessary to define an approach to conciliate regulatory and business points of view. Our proposal is to use an enterprise architecture modeling approach to integrate regulatory concerns. This article describes a high-level Archimate model for implementing a GDPR compliance approach.

show abstract

The Grace Period Has Ended: An Approach to Operationalize GDPR Requirements

Cited by 60 publications

References 16 publications

Perceptions of ICT Practitioners Regarding Software Privacy

Perceptions of ICT Practitioners Regarding Software Privacy

The General Data Protection Regulation: Requirements, Architectures, and Constraints

Using an Enterprise Architecture Model for GDPR Compliance Principles

Contact Info

Product

Resources

About