"The Grace Period Has Ended": An Approach to Operationalize GDPR Requirements

Files in This Item:
File Description SizeFormat 
RE18pre_AyalaRivera.pdf1.27 MBAdobe PDFDownload
Title: "The Grace Period Has Ended": An Approach to Operationalize GDPR Requirements
Authors: Ayala-Rivera, VanessaPasquale, Liliana
Permanent link: http://hdl.handle.net/10197/10526
Date: 24-Aug-2018
Online since: 2019-05-20T10:16:25Z
Abstract: The General Data Protection Regulation (GDPR) aims to protect personal data of EU residents and can impose severe sanctions for non-compliance. Organizations are currently implementing various measures to ensure their software systems fulfill GDPR obligations such as identifying a legal basis for data processing or enforcing data anonymization. However, as regulations are formulated vaguely, it is difficult for practitioners to extract and operationalize legal requirements from the GDPR. This paper aims to help organizations understand the data protection obligations imposed by the GDPR and identify measures to ensure compliance. To achieve this goal, we propose GuideMe, a 6-step systematic approach that supports elicitation of solution requirements that link GDPR data protection obligations with the privacy controls that fulfill these obligations and that should be implemented in an organization's software system. We illustrate and evaluate our approach using an example of a university information system. Our results demonstrate that the solution requirements elicited using our approach are aligned with the recommendations of privacy experts and are expressed correctly.
Funding Details: European Research Council
Science Foundation Ireland
Type of material: Conference Publication
Publisher: IEEE
Copyright (published version): 2018 IEEE
Keywords: GDPRCompliancePrivacyRequirements
DOI: 10.1109/RE.2018.00023
Other versions: https://ieeexplore-ieee-org.ucd.idm.oclc.org/abstract/document/8491130
Language: en
Status of Item: Peer reviewed
Is part of: 2018 IEEE 26th International Requirements Engineering Conference (RE)
Conference Details: IEEE 26th International Requirements Engineering Conference (RE), Banff, Canada, 20-24 August 2018
Appears in Collections:Computer Science Research Collection

Show full item record

Citations 50

Last Week
Last month
checked on Jan 26, 2020

Page view(s)

Last Week
Last month
checked on Jan 26, 2020

Download(s) 50

checked on Jan 26, 2020

Google ScholarTM



This item is available under the Attribution-NonCommercial-NoDerivs 3.0 Ireland. No item may be reproduced for commercial purposes. For other possible restrictions on use please refer to the publisher's URL where this is made available, or to notes contained in the item itself. Other terms may apply.