
DPCat: Specification for an Interoperable and Machine-Readable Data Processing Catalogue based on GDPR

Paul Ryan, Rob Brennan, Harshvardhan J. Pandit
2022 Zenodo  
GDPR requires Data Controllers and Data Protection Officers (DPO) to maintain a Register of Processing Activities (ROPA) as part of overseeing the organisation's compliance processes.  ...  DPCat represents a comprehensive semantic model developed from GDPR's Article 30 and an analysis of the 17 ROPA templates from EU Data Protection Authorities (DPA).  ...  Pandit has received funding under the Irish Research Council's Government of Ireland Postdoctoral Fellowship Grant#GOIPD/2020/790.  ... 
doi:10.5281/zenodo.6448788 fatcat:mnnuwzfhzrforozvpuoswphbui

DPCat: Specification for an Interoperable and Machine-Readable Data Processing Catalogue based on GDPR

Paul Ryan, Rob Brennan, Harshvardhan J. Pandit
2022 Zenodo  
The GDPR requires Data Controllers and Data Protection Officers (DPO) to maintain a Register of Processing Activities (ROPA) as part of overseeing the organisation's compliance processes.  ...  We propose the Data Processing Catalogue (DPCat) for the representation, collection and transfer of ROPA information, as catalogues in a machine-readable and interoperable manner.  ...  record of personal data processing activities carried out under their responsibility (GDPR Art.30).  ... 
doi:10.5281/zenodo.6536363 fatcat:rgka7lvor5dv3atngl4lt43rce

Building a Data Processing Activities Catalog: Representing Heterogeneous Compliance-related Information for GDPR using DCAT-AP and DPV

Paul Ryan, Harshvardhan J. Pandit, Rob Brennan
2021 Zenodo  
This information must be collated to assess and document GDPR legal compliance, such as creating a Register of Processing Activities (ROPA).  ...  To show our approach's feasibility, we demonstrate a deployment use case and develop a prototype system based on diverse data processing records and a standard set of SPARQL queries for a Data Protection  ...  For the purpose of Open Access, the author has applied a CC BY public copyright licence to any Author Accepted Manuscript version arising from this submission  ... 
doi:10.5281/zenodo.5001008 fatcat:w7szlcsfxfgqtkohjx5g6b4izq

Privacy-Aware Cloud Auditing for GDPR Compliance Verification in Online Healthcare

Masoud Barati, Gagangeet Singh Aujla, Jose Tomas Llanos, Kwabena Adu Duodu, Omer F. Rana, Madeline Carr, Rajiv Rajan
2021 IEEE Transactions on Industrial Informatics  
Using a healthcare pharmacy scenario and extensive real-world experiments, we validate the feasibility of the proposed technique.  ...  The emergence of data protection regulations around the world, such as General Data Protection Regulation (GDPR) in Europe and the Data Protection Act (DPA) in the UK, further emphasise the need to overcome  ...  This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication.  ... 
doi:10.1109/tii.2021.3100152 fatcat:2ann4gnuqjf4xiyllq6dm6xgpy

Enterprise architecture management as a solution for addressing general data protection regulation requirements in a big data context: a systematic mapping study

Georgios Georgiadis, Geert Poels
2021 Information Systems and E-Business Management  
This raises the question whether Enterprise Architecture Management (EAM), as an approach for ensuring the coherence, strategic alignment and focus on value creation of all organisational resources, offers  ...  Method We used Systematic Mapping Review (SMR), which is a methodology for literature review aimed at surveying the state-of-the-art in a research field as it is documented in the scientific literature  ...  For example, they show in Huth et al. (2019) how EAM models could be used for creating the Record of Processing Activities (RPA), which one of the strict legal obligations, as per Art.30 of the GDPR.  ... 
doi:10.1007/s10257-020-00500-5 fatcat:odmu3xgbenbodfuybqnpqmnwxi

Cloud Native Privacy Engineering through DevPrivOps [article]

Elias Grünewald
2021 arXiv   pre-print
Altogether, we show that cloud native privacy engineering advances the state of the art of privacy by design and by default using latest technologies.  ...  In this paper, we identify the conceptual dimensions of cloud native privacy engineering and propose an integrative approach to be addressed in practice to overcome the shortcomings of existing privacy  ...  of the Federal Ministry of Justice and Consumer Protection (BMJV) based on a decision of the Parliament of the Federal Republic of Germany via the Federal Office for Agriculture and Food (BLE) under the  ... 
arXiv:2108.00927v2 fatcat:mky5uuly7jayjhltdqp5swmwfy

Representing Activities associated with Processing of Personal Data and Consent using Semantic Web for GDPR Compliance

Harshvardhan J. Pandit, Dave Lewis, Declan O'Sullivan
2020 Zenodo  
In particular, it addresses three deficits within the current state of the art for utilising linked data approaches for GDPR compliance.  ...  This thesis presents the use of semantic web technologies to represent and associate information regarding processing of personal data and consent with GDPR for assistance with its compliance.  ...  ACKNOWLEDGEMENTS The first and foremost acknowledgement I would like to make is in thanking my supervisors -Dave Lewis and Declan O'Sullivan.  ... 
doi:10.5281/zenodo.3795513 fatcat:qmyotfakhjcdxoksp6pff2uzfm

Translation of GDPR article 32 into effective privacy governance and management practices. A view on GDPR ambiguity, non-compliancy risks and effectiveness of ISO 27701:2019 as Privacy Management System

Nico J W Kuijper, Prof. Dr. Ing. Hans Mulder
2020 Zenodo  
What are the (perceived) risks, ambiguities, the required governance and (change) management activities of this most violated GDPR article and are these effectively addressed in ISO 27701 as Privacy Information  ...  This context has led to the formulation of the main research question of this paper: What are the most violated GDPR articles/aspects in combination with the highest fines?  ...  (DIETZ, Design process and architecture). § 5.9 Synthesis of the findings 6.  ... 
doi:10.5281/zenodo.3891539 fatcat:gvr6gvhcyvftnjab7pngdecqmi

Smart Grid Challenges Through the Lens of the European General Data Protection Regulation [chapter]

Jabier Martinez, Alejandra Ruiz, Javier Puelles, Ibon Arechalde, Yuliya Miadzvetskaya
2020 Lecture Notes in Information Systems and Organisation  
The General Data Protection Regulation (GDPR) was conceived to remove the obstacles to the free movement of personal data while ensuring the protection of natural persons with regard to the processing  ...  We provide a review of existing works highlighting the importance of energy consumption as valuable personal data as well as an analysis of the established Smart Grid Architecture Model and its main challenges  ...  This work is funded by the PDP4E project, H2020 European Project Number: 787034.  ... 
doi:10.1007/978-3-030-49644-9_7 fatcat:3dfudeqltbdlrkhyaj6vjo2ll4

GDPR-Compliant Personal Data Management: A Blockchain-based Solution

Nguyen Binh Truong, Kai Sun, Gyu Myoung Lee, Yike Guo
2019 IEEE Transactions on Information Forensics and Security  
The platform enables data owners to impose data usage consent, ensures only designated parties can process personal data, and logs all data activities in an immutable distributed ledger using smart contract  ...  This motivates us to envision a design concept for developing a GDPR-compliant personal data management platform leveraging the emerging blockchain and smart contract technologies.  ...  System architecture of a GDPR-compliant social networking service with the RS for personal profiles using HLF. B.  ... 
doi:10.1109/tifs.2019.2948287 fatcat:f2rc4z7p7zb7vbhckwskmdy4ha

GDPR-Compliant Personal Data Management: A Blockchain-based Solution [article]

Nguyen Binh Truong, Kai Sun, Gyu Myoung Lee, Yike Guo
2019 arXiv   pre-print
The platform enables data owners to impose data usage consent, ensures only designated parties can process personal data, and logs all data activities in an immutable distributed ledger using smart contract  ...  This motivates us to envision a design concept for developing a GDPR-compliant personal data management platform leveraging the emerging blockchain (BC) and smart contract technologies.  ...  ACKNOWLEDGMENT This research was supported by the HNA Research Centre for Future Data Ecosystems at Imperial College London.  ... 
arXiv:1904.03038v1 fatcat:msazlweanvcarlektk5rv4wwfy

Lean integration of IT security and data privacy governance aspects into product development in agile organizations

Alexander Poth, Mario Kottke, Kerstin Middelhauve, Torsten Mahr, Andreas Riel
2021 Journal of universal computer science (Online)  
The layers can be merged into a specific set to address the demands of a product to fit the state-of-the-art requirements of its domain.  ...  For the product domain, specific layers are presented with examples from IT security and data privacy for the software development phase.  ...  Additionally, over time we expect that the amount of LoD layers will grow, driven by the company's obligation of addressing the different product and business domains of their increasingly heterogeneous  ... 
doi:10.3897/jucs.71770 fatcat:pkqu2q3mbfcjfbkm6zi7zlstf4

GDPR Compliance Challenges for Interoperable Health Information Exchanges (HIEs) and Trustworthy Research Environments (TREs)

Ed Conley, Matthias Pocs
2018 European Journal for Biomedical Informatics  
Conclusion: We recognise the need for wider implementation of rigorous interoperability standards concerning privacy and security management.  ...  Comprehensive model-based approaches to information management will be fundamental to guaranteeing security and privacy in challenging areas such as ethical use of artificial intelligence in medicine.  ...  We also thank Peter Gryffoy for analysis and insights underlying  ... 
doi:10.24105/ejbi.2018.14.3.7 fatcat:ohbj6hj4erbl3cyinni56mlw5u

D1.1 - ASCLEPIOS Technical, Security, Healthcare and Data Privacy Requirements

Norwegian Centre For E-Health Research, RISE Research Institutes Of Sweden AB, SECURA BV
2019 Zenodo  
Documentation of the technical and security requirements that will guide the development and will define the capabilities of the IT components of ASCLEPIOS.  ...  Auditability Rationale: Article 30 of the GDPR requires that controllers, for example healthcare organizations, shall maintain a record of processing activities under their responsibility.  ...  as Art. 89 of the GDPR.  ... 
doi:10.5281/zenodo.4022256 fatcat:d43ttwlr3vhldo7y5nrf373gs4

Methodology and workflow to perform the Data Protection Impact Assessment in healthcare information systems

Marco Todde, Marco Beltrame, Sara Marceglia, Cinzia Spagno
2020 Informatics in Medicine Unlocked  
The new regulation introduces two specific duties: the Record of Processing Activities (ROPA) and, for each high-risk processing, the Data Protection Impact Assessment (DPIA).  ...  of the processing activity per se.  ...  Acknowledgments and funding This research received no specific grant from any funding agency in the public, commercial, or not-for-profit sectors.  ... 
doi:10.1016/j.imu.2020.100361 fatcat:7yq3iq3smnhvxgnqjgiy7wf4gy