Privacy Data Management and Awareness for Public Administrations: A Case Study from the Healthcare Domain

Diamantopoulou, Vasiliki; Angelopoulos, Konstantinos; Flake, Julian; Praitano, Andrea; Ruiz, José Francisco; Jürjens, Jan; Pavlidis, Michalis; Bonutto, Dimitri; Sanz, Andrès Castillo; Mouratidis, Haralambos; Robles, Javier García; Tozzi, Alberto Eugenio

doi:10.1007/978-3-319-67280-9_11

Cited by 4 publications

(2 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The main reason has been to empower the data subjects' data protection and rights. Before the advent of GDPR, there were many problems related to having distinct and different national regulations among the EU Countries [7], giving uncertainty on guaranteeing coherent EU citizen rights all over the Europe [31]. Such differences led to significant problems b https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_201904_dataprotection_by_ design_and_by_default.pdf c https://cordis.europa.eu/project/id/787068 such as uncontrolled exchange, manipulation and exploitation of user data with important drawbacks and impact for the EU citizens.…”

Section: Introductionmentioning

confidence: 99%

“…Such differences led to significant problems b https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_201904_dataprotection_by_ design_and_by_default.pdf c https://cordis.europa.eu/project/id/787068 such as uncontrolled exchange, manipulation and exploitation of user data with important drawbacks and impact for the EU citizens. The lack of a ''standard'' in Europe, for these crucial aspects, created problems also to organizations interested in enlarging their market [7]. For instance, companies having businesses in a EU country had to be compliant with the specific national data protection regulation of that Country, and if they wanted to extend services to more EU Countries, they would have had to cope with different regulations for selling the same products, by dealing differently with personal data of their customers [10].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Data Scope Management Service to Support Privacy by Design and GDPR Compliance

Piras

Al-Obeidallah

Pavlidis³

et al. 2021

JDI

Self Cite

View full text Add to dashboard Cite

In order to empower user data protection and user rights, the European General Data Protection Regulation (GDPR) has been enforced. On the positive side, the user is obtaining advantages from GDPR. However, organisations are facing many difficulties in interpreting GDPR, and to properly applying it, and, in the meanwhile, due to their lack of compliance, many organisations are receiving huge fines from authorities. An important challenge is compliance with the Privacy by Design and by default (PbD) principles, which require that data protection is integrated into processing activities and business practices from the design stage. Recently, the European Data Protection Board (EDPB) released an official document with PbD guidelines, and there are various efforts to provide approaches to support these. However, organizations are still facing difficulties in identifying a flow for executing, in a coherent, linear and effective way, these activities, and a complete toolkit for supporting this. In this paper, we propose the design of such flow, and our comprehensive supporting toolkit, as part of the DEFeND EU Project platform. Within DEFeND, we identified candidate tools, fulfilling specific GDPR aspects, and integrated them in a comprehensive toolkit: the DEFeND Data Scope Management service (DSM). The aim of DSM is to support organizations for continuous GDPR compliance through model-based Privacy by Design analysis. Here, we present DSM, its design, flow, and a preliminary case study and evaluation performed with pilots from the healthcare, banking, public administration and energy sectors.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%