
DPMF: A Modeling Framework for Data Protection by Design

dc.contributor.author: Sion, Laurens
dc.contributor.author: Dewitte, Pierre
dc.contributor.author: Van Landuyt, Dimitri
dc.contributor.author: Wuyts, Kim
dc.contributor.author: Valcke, Peggy
dc.contributor.author: Joosen, Wouter
dc.date.accessioned: 2023-05-11T05:44:24Z
dc.date.available: 2023-05-11T05:44:24Z
dc.date.issued: 2020
dc.description.abstract: Building software-intensive systems that respect the fundamental rights to privacy and data protection requires explicitly addressing data protection issues at the early development stages. Data Protection by Design (DPbD)—as coined by Article 25(1) of the General Data Protection Regulation (GDPR)—therefore calls for an iterative approach based on (i) the notion of risk to data subjects, (ii) a close collaboration between the involved stakeholders and (iii) accountable decision-making. In practice, however, the legal reasoning behind DPbD is often conducted on the basis of informal system descriptions that lack systematicity and reproducibility. This affects the quality of Data Protection Impact Assessments (DPIA)—i.e. the concrete manifestation of DPbD at the organizational level. This is a major stumbling block when it comes to conducting a comprehensive and durable assessment of the risks that takes both the legal and technical complexities into account. In this article, we present DPMF, a data protection modeling framework that allows for a comprehensive and accurate description of the data processing operations in terms of the key concepts used in the GDPR. The proposed modeling approach supports the automation of a number of legal reasonings and compliance assessments (e.g., purpose compatibility) that are commonly addressed in a DPIA exercise and this support is strongly rooted upon the system description models. The DPMF is supported in a prototype modeling tool and its practical applicability is validated in the context of a realistic e-health system for a number of complementary development scenarios. [en]
dc.identifier.doi: 10.18417/emisa.15.10
dc.identifier.uri: https://dl.gi.de/handle/20.500.12116/41475
dc.language.iso: en
dc.publisher: Gesellschaft für Informatik e.V.
dc.relation.ispartof: Enterprise Modelling and Information Systems Architectures (EMISAJ) – International Journal of Conceptual Modeling: Vol. 15, No. 10
dc.subject: privacy by design
dc.subject: data protection
dc.subject: GDPR
dc.subject: data protection by design
dc.subject: data protection impact assessment
dc.subject: accountability
dc.subject: privacy impact assessment
dc.subject: architecture viewpoint
dc.title: DPMF: A Modeling Framework for Data Protection by Design [en]
dc.type: Text/Journal Article
gi.citation.endPage: 53
gi.citation.publisherPlace: Berlin
gi.citation.startPage: 1

Files

Original bundle
Name: emisaj_15_10.pdf
Size: 1.81 MB
Format: Adobe Portable Document Format