Title
Supporting privacy impact assessment by model-based privacy analysis.
Abstract
According to Article 35 of the General Data Protection Regulation (GDPR), data controllers are obligated to conduct a privacy impact assessment (PIA) to ensure the protection of sensitive data. Failure to properly protect sensitive data may affect data subjects negatively, and damage the reputation of data processors. Existing PIA approaches cannot be easily conducted, since they are mainly abstract or imprecise. Moreover, they lack a methodology to conduct the assessment concerning the design of IT systems. We propose a novel methodology to support PIA by performing model-based privacy and security analyses in the early phases of the system development. In our methodology, the design of a system is analyzed and, where necessary, appropriate security and privacy controls are suggested to improve the design. Hence, this methodology facilitates privacy by design as prescribed in Article 25 of the GDPR. We evaluated our methodology based on three industrial case studies and a quality-based comparison to the state of the art.
Year
2018
DOI
10.1145/3167132.3167288
Venue
SAC 2018: Symposium on Applied Computing, Pau, France, April 2018
Keywords
Privacy impact assessment, Model-based engineering, Privacy, GDPR, Privacy by design
Field
Privacy by Design, Information technology, Computer science, Risk analysis (engineering), Model based engineering, Privacy analysis, System development, Privacy Impact Assessment, General Data Protection Regulation, Reputation
DocType
Conference
ISBN
978-1-4503-5191-1
Citations
3
PageRank
0.38
References
12
Authors
4
Name
Order
Citations
PageRank
Amir Shayan Ahmadian1182.68
Daniel Strüber211621.50
Volker Riediger315415.29
Jan Jurjens416916.07