Logo des Repositoriums

Auflistung nach Schlagwort "data protection by design"

1 - 2 von 2
  • Zeitschriftenartikel
    DPMF: A Modeling Framework for Data Protection by Design
    (Enterprise Modelling and Information Systems Architectures (EMISAJ) – International Journal of Conceptual Modeling: Vol. 15, Nr. 10, 2020) Sion, Laurens; Dewitte, Pierre; Van Landuyt, Dimitri; Wuyts, Kim; Valcke, Peggy; Joosen, Wouter
    Building software-intensive systems that respect the fundamental rights to privacy and data protection requires explicitly addressing data protection issues at the early development stages. Data Protection by Design (DPbD)—as coined by Article 25(1) of the General Data Protection Regulation (GDPR)—therefore calls for an iterative approach based on (i) the notion of risk to data subjects, (ii) a close collaboration between the involved stakeholders and (iii) accountable decision-making. In practice, however, the legal reasoning behind DPbD is often conducted on the basis of informal system descriptions that lack systematicity and reproducibility. This affects the quality of Data Protection Impact Assessments (DPIA)—i.e. the concrete manifestation of DPbD at the organizational level. This is a major stumbling block when it comes to conducting a comprehensive and durable assessment of the risks that takes both the legal and technical complexities into account. In this article, we present DPMF, a data protection modeling framework that allows for a comprehensive and accurate description of the data processing operations in terms of the key concepts used in the GDPR. The proposed modeling approach supports the automation of a number of legal reasonings and compliance assessments (e.g., purpose compatibility) that are commonly addressed in a DPIA exercise and this support is strongly rooted upon the system description models. The DPMF is supported in a prototype modeling tool and its practical applicability is validated in the context of a realistic e-health system for a number of complementary development scenarios.
  • Textdokument
    A Model-Based Framework for Simplified Collaboration of Legal and Software Experts in Data Protection Assessments
    (INFORMATIK 2022, 2022) Boltz,Nicolas; Sterz,Leonie; Gerking,Christopher; Raabe,Oliver
    The protection of personal data has become an increasingly important issue. Legal norms focused on data protection, such as the GDPR, provide legally binding requirements for systems that process personal data. Article 25 of the GDPR refers to the obligation to Data Protection by Design and Default. This can be achieved by conducting DPLA of the system in the early stages of development and implementing data protection concepts where necessary. This ties in with Article 35, which refers to an obligation to conduct DPLA before the actual processing of data. To aid in conducting continuous DPLA during the design time of software systems, we propose a model-based collaboration framework. This framework not only aids in providing consistent views of the software system for legal experts and software architects but also simplifies communication between both parties. We discuss the overall goals and benefits of such a framework and go into detail about the processes that interact as part of the framework. We also try to align legal concepts with the processes and describe the continuous iterative development using the collaboration framework.