Wilhelm, SebastianGerl, ArminMeyer, HolgerRitter, NorbertThor, AndreasNicklas, DanielaHeuer, AndreasKlettke, Meike2019-04-152019-04-152019978-3-88579-684-8https://dl.gi.de/handle/20.500.12116/21812In 2018 the General Data Protection Regulation (GDPR) has been enforced providing a new legal framework with rules and regulations for processing personal data. The requirement for distinguishing between purposes has been introduced, leading to the necessity of adapting existing authentication and authorization processes. We introduce a detailed authentication and authorization extension, which is able to verify requests on personal data based on the Layered Privacy Language (LPL). This extension is evaluated in the form of a benchmark, utilizing the Policy-based De-identification, to demonstrating its efficiency and suitability for data-warehouses.enAccess ControlGDPRPrivacyPrivacy Language10.18420/btw2019-ws-251617-5468