"The Grace Period Has Ended": An Approach to Operationalize GDPR Requirements
|Title:||"The Grace Period Has Ended": An Approach to Operationalize GDPR Requirements|
|Authors:||Ayala-Rivera, Vanessa; Pasquale, Liliana|
|Permanent link:||http://hdl.handle.net/10197/10526|
|Date:||24-Aug-2018|
|Online since:||2019-05-20T10:16:25Z|
|Abstract:||The General Data Protection Regulation (GDPR) aims to protect personal data of EU residents and can impose severe sanctions for non-compliance. Organizations are currently implementing various measures to ensure their software systems fulfill GDPR obligations such as identifying a legal basis for data processing or enforcing data anonymization. However, as regulations are formulated vaguely, it is difficult for practitioners to extract and operationalize legal requirements from the GDPR. This paper aims to help organizations understand the data protection obligations imposed by the GDPR and identify measures to ensure compliance. To achieve this goal, we propose GuideMe, a 6-step systematic approach that supports elicitation of solution requirements that link GDPR data protection obligations with the privacy controls that fulfill these obligations and that should be implemented in an organization's software system. We illustrate and evaluate our approach using an example of a university information system. Our results demonstrate that the solution requirements elicited using our approach are aligned with the recommendations of privacy experts and are expressed correctly.|
|Funding Details:||European Research Council; Science Foundation Ireland|
|Type of material:||Conference Publication|
|Publisher:||IEEE|
|Copyright (published version):||2018 IEEE|
|Keywords:||GDPR; Compliance; Privacy; Requirements|
|DOI:||10.1109/RE.2018.00023|
|Other versions:||https://ieeexplore-ieee-org.ucd.idm.oclc.org/abstract/document/8491130|
|Language:||en|
|Status of Item:||Peer reviewed|
|Is part of:||2018 IEEE 26th International Requirements Engineering Conference (RE)|
|Conference Details:||IEEE 26th International Requirements Engineering Conference (RE), Banff, Canada, 20-24 August 2018|
|Appears in Collections:||Computer Science Research Collection|
This item is available under the Attribution-NonCommercial-NoDerivs 3.0 Ireland. No item may be reproduced for commercial purposes. For other possible restrictions on use please refer to the publisher's URL where this is made available, or to notes contained in the item itself. Other terms may apply.