A Metamodel for GDPR-based Privacy Level Agreements
Authors
Abstract
The adoption of the General Data Protection Regulation (GDPR) is a major concern for data controllers in the public and private sectors, as they are obliged to conform to its new principles and requirements governing the handling of personal data. In this paper, we propose that data controllers adopt the concept of the Privacy Level Agreement (PLA). We present a metamodel for PLAs that supports privacy management based on an analysis of privacy threats, vulnerabilities and trust relationships in the controllers' Information Systems, whilst complying with laws and regulations, and we illustrate the relevance of the metamodel with the GDPR.
Similar resources
A Metamodel for Privacy Engineering Methods
Engineering privacy in information systems requires systematic methods to capture and address privacy issues throughout the development process. However, the diversity of both privacy and engineering approaches, together with the specific context and scope of each project, have spawned a plethora of privacy engineering methods. Method engineering can help to cope with this landscape, as it allo...
Static Analysis for GDPR Compliance
Information systems might access, manage and record sensitive data about citizens. In addition, the pervasiveness of these systems is increasing dramatically thanks to the mobile and IoT revolutions. However, several unintended data breaches are reported every week, and these might compromise the privacy, safety, and security of citizens. For all these reasons, the European Pa...
Towards an Understanding of Stakeholders and Dependencies in the EU GDPR
Personal data has evolved into an essential element of current business models, which pose new challenges to legislation and organizations. To address these challenges at a European level, the European Commission has passed the General Data Protection Regulation (GDPR). Using a data-driven approach, we identify the key stakeholders that are described in the GDPR, which are the data subject, the...
Toward GDPR-Compliant Socio-Technical Systems: Modeling Language and Reasoning Framework
Privacy is a key aspect for the European Union (EU), where it is regulated by a specific law, the General Data Protection Regulation (GDPR). Compliance with the GDPR is a problem for organizations: it imposes strict constraints whenever they deal with personal data and, in case of infringement, it specifies severe consequences such as legal and monetary penalties. Such organizations frequently ar...
Designing a GDPR-compliant and Usable Privacy Dashboard
The role of personal data has gained significance across all business domains in past decades. Despite the strict legal restrictions that the processing of personal data is subject to, users tend to respond to the extensive collection of data by service providers with distrust. Legal battles between data subjects and processors have emphasized the need for adaptations to the current law to face today's challenges. ...