On Purpose and by Necessity: Compliance under the GDPR

David Basin, Søren Debois, Thomas Hildebrandt

Publication: Conference article in proceedings or book/report chapter › Conference contribution in proceedings › Research › peer review

Abstract

The European General Data Protection Regulation (GDPR) gives primacy to purpose: data may be collected and stored only when (i) end-users have consented, often explicitly, to the purposes for which that data is collected, and (ii) the collected data is actually necessary for achieving these purposes. This development in data protection regulations begets the question: how do we audit a computer system's adherence to a purpose?

We propose an approach that identifies a purpose with a business process, and show how formal models of interprocess communication can be used to audit or even derive privacy policies. Based on this insight, we propose a methodology for auditing GDPR compliance. Moreover, we show how, given a simple interprocess data flow model, aspects of GDPR compliance can be determined algorithmically.
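To make the two conditions in the abstract concrete, the following is an added illustration (not code from the paper, and not the authors' algorithm) of the kind of check one can run over a toy interprocess data-flow model. The model, its field names, the sample online-shop processes and the consent sets are all hypothetical and constructed here. Condition (i) becomes "a data item may only flow to processes whose purpose the end-user consented to"; condition (ii) becomes "a collected item must be needed by at least one process it reaches".

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class DataFlowModel:
    """Hypothetical toy model of interprocess data flow (constructed for this example)."""
    purpose: dict     # process name -> the business purpose that process serves
    collected: dict   # data item -> process that collects it from the end-user
    flows: list       # (src process, dst process, data item): item is forwarded src -> dst
    uses: dict        # process name -> set of data items the process actually needs
    consent: dict     # data item -> set of purposes the end-user consented to


def reaches(model, item):
    """All processes a data item can flow to, starting at its collection point."""
    edges = defaultdict(set)
    for src, dst, flowed_item in model.flows:
        if flowed_item == item:
            edges[src].add(dst)
    seen, stack = set(), [model.collected[item]]
    while stack:            # depth-first walk over the edges labelled with this item
        proc = stack.pop()
        if proc in seen:
            continue
        seen.add(proc)
        stack.extend(edges[proc])
    return seen


def purpose_violations(model):
    """Condition (i): item reaches a process whose purpose was not consented to."""
    found = []
    for item in model.collected:
        for proc in reaches(model, item):
            served = model.purpose[proc]
            if served not in model.consent.get(item, set()):
                found.append((item, proc, served))
    return sorted(found)


def necessity_violations(model):
    """Condition (ii): item is collected but needed by no process it can reach."""
    return sorted(
        item for item in model.collected
        if not any(item in model.uses.get(proc, set()) for proc in reaches(model, item))
    )


# Constructed sample: an online shop whose checkout forwards the e-mail address to
# marketing (no consent for that purpose) and collects a birthdate nobody needs.
SAMPLE = DataFlowModel(
    purpose={"checkout": "order fulfilment", "shipping": "order fulfilment",
             "marketing": "marketing"},
    collected={"address": "checkout", "email": "checkout", "birthdate": "checkout"},
    flows=[("checkout", "shipping", "address"), ("checkout", "marketing", "email")],
    uses={"checkout": {"email"}, "shipping": {"address"}, "marketing": {"email"}},
    consent={"address": {"order fulfilment"}, "email": {"order fulfilment"},
             "birthdate": {"order fulfilment"}},
)

if __name__ == "__main__":
    print("purpose violations:", purpose_violations(SAMPLE))
    print("necessity violations:", necessity_violations(SAMPLE))
```

On the sample, the purpose check flags the e-mail flow into marketing, and the necessity check flags the birthdate, which no process needs. Real systems need a model of how data is derived and transformed across processes rather than plain forwarding edges, which is where the formal interprocess-communication models the abstract refers to come in.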
Original language: English
Title: Financial Cryptography and Data Security. 22nd International Conference, FC 2018, Nieuwpoort, Curaçao, February 26 – March 2, 2018,
Publisher: Springer
Publication date: 2018
ISBN (Print): 978-3-662-58386-9
ISBN (Electronic): 978-3-662-58387-6
Status: Published - 2018
Event: Financial Cryptography and Data Security - Nieuwpoort, Curaçao
Duration: 26 Feb 2018 → …

Conference

Conference: Financial Cryptography and Data Security
Country/Territory: Curaçao
City: Nieuwpoort
Period: 26/02/2018 → …
Series: Lecture Notes in Computer Science
Volume: 10957
ISSN: 0302-9743

Keywords

  • GDPR Compliance
  • Privacy Policy Auditing
  • Business Process Modeling
  • Interprocess Communication
  • Data Protection Regulation
