Abstract
In this paper we use Design and Engineering Methodology for Organizations (DEMO) to formally describe the European Union General Data Protection Regulation (2016/679) which entries into force and application on May 25, 2018. This law introduces a paradigm shift in information systems by requiring by design and by default much more control on personal data and its processing. The data subjects can give and remove consent for processing and establish restrictions on what the data is processed for. They can also ask for their information, object to automated decision making based on it, require changes to that information or ask that it be erased (‘right to be forgotten’). When they ask for their information, it must be provided in a machine-readable format, which implies data portability and the ability to provide it to another party. This law creates a new role, the data protection officer, and assigns duties to data controllers, data processors, supervisory authorities, national authorities and EU authorities. This work shows how DEMO can present in a simple way the system described by this law, and analyses the challenges and insights provided by using this modeling method.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
European Union Regulation 2016/679, General Data Protection Regulation. http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679
European Union Directive 95/46/EC, Data Protection Directive. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:31995L0046
Dietz, J.L.G.: Enterprise Ontology – Theory and Methodology. Springer, Heidelberg (2006). https://doi.org/10.1007/3-540-33149-2
Dietz, J.L.G.: DEMO-3 Way of Working, 1 September 2009 (2009)
Medina-Mora, R., Winograd, T., Flores, R., Flores, F.: The action workflow approach to workflow management technology. In: Proceedings of the 1992 ACM Conference on Computer-Supported Cooperative Work, pp. 281–288. ACM, December 1992
Denning, P.J., Medina-Mora, R.: Completing the loops. Interfaces 25(3), 42–57 (1995)
Van Reijswoud, V.E., Mulder, H.B., Dietz, J.L.: Communicative action-based business process and information systems modelling with DEMO. Inf. Syst. J. 9(2), 117–138 (1999)
Dietz, J.L.G.: The PSI theory – understanding human collaboration (v4.3) (2017). https://www.researchgate.net/publication/320298882_The_PSI_theory_-_understanding_human_collaboration. Accessed 25 May 2018
Wohlin, C., Aurum, A.: Towards a decision-making structure for selecting a research design in empirical software engineering. Empir. Softw. Eng. 20(6), 1427–1455 (2015)
Acknowledgments
This work was partially funded by FCT/MCTES LARSyS (UID/EEA/50009/2013 (2015-2017)).
This work was developed with financial support from ARDITI (Agência Regional para o Desenvolvimento da Investigação, Tecnologia e Inovação), in the context of project M14-20 09–5369-FSE-000001 - Bolsa de Doutoramento.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Gouveia, D., Aveiro, D. (2019). Modeling the System Described by the EU General Data Protection Regulation with DEMO. In: Aveiro, D., Guizzardi, G., Guerreiro, S., Guédria, W. (eds) Advances in Enterprise Engineering XII. EEWC 2018. Lecture Notes in Business Information Processing, vol 334. Springer, Cham. https://doi.org/10.1007/978-3-030-06097-8_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-06097-8_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-06096-1
Online ISBN: 978-3-030-06097-8
eBook Packages: Computer ScienceComputer Science (R0)