Abstract
With the GDPR coming into force in 2018, organizations require techniques to assess and improve the current state of their data processing activities with regard to personal data. Although current research has explored GDPR compliance to some degree, the work is either highly generalized or focused on specific principles within the legislation. This paper presents the current state of a model of the GDPR that provides a concise visual overview of the associations between entities defined in the legislation and their constraints. We also discuss its application directions towards the development of an overall approach to organizational privacy management - as a visual representation and as a tool to aid the definition of privacy policy.
Acknowledgment
This research is partly supported by the Estonian Research Council (grant IUT20-55).
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Tom, J., Sing, E., Matulevičius, R. (2018). Conceptual Representation of the GDPR: Model and Application Directions. In: Zdravkovic, J., Grabis, J., Nurcan, S., Stirna, J. (eds) Perspectives in Business Informatics Research. BIR 2018. Lecture Notes in Business Information Processing, vol 330. Springer, Cham. https://doi.org/10.1007/978-3-319-99951-7_2
DOI: https://doi.org/10.1007/978-3-319-99951-7_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-99950-0
Online ISBN: 978-3-319-99951-7
eBook Packages: Computer Science, Computer Science (R0)