
Conceptual Representation of the GDPR: Model and Application Directions

  • Conference paper
Perspectives in Business Informatics Research (BIR 2018)

Part of the book series: Lecture Notes in Business Information Processing (LNBIP, volume 330)

Abstract

With the GDPR coming into force in 2018, organizations require techniques to assess and improve the current state of their data processing activities with regard to personal data. Although current research has explored GDPR compliance to some degree, the work is either highly generalized or focused on specific principles within the legislation. This paper presents the current state of a model of the GDPR that provides a concise visual overview of the associations between entities defined in the legislation and their constraints. We also discuss its application directions towards the development of an overall approach to organizational privacy management - as a visual representation and as a tool to aid the definition of privacy policy.

Acknowledgment

This research is partly supported by the Estonian Research Council (grant IUT20-55).

Correspondence to Jake Tom.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Tom, J., Sing, E., Matulevičius, R. (2018). Conceptual Representation of the GDPR: Model and Application Directions. In: Zdravkovic, J., Grabis, J., Nurcan, S., Stirna, J. (eds) Perspectives in Business Informatics Research. BIR 2018. Lecture Notes in Business Information Processing, vol 330. Springer, Cham. https://doi.org/10.1007/978-3-319-99951-7_2

  • DOI: https://doi.org/10.1007/978-3-319-99951-7_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-99950-0

  • Online ISBN: 978-3-319-99951-7

  • eBook Packages: Computer Science (R0)
