A Pattern Catalog for GDPR Compliant Data Protection

Similar documents
Bachelor Thesis Kick Off State of the Art in linking privacy requirements to technical solutions

Opportunities and Barriers for Advancing the API Economy within the Automotive Industry

EXIN Privacy and Data Protection Foundation. Preparation Guide. Edition

Privacy Management in Smart Cities

HL7 Standards and Components to Support Implementation of the European General Data Protection Regulation (GDPR)

Standards and privacy engineering ISO, OASIS, PRIPARE and Other Important Developments

DaPIS: an Ontology-based Data Protection Icon Set

Robert Bond Partner, Commercial/IP/IT

Six Steps to MDM Success

ICT Measurement for Iran (IMI): Lessons Learned and Future Plan

GDPR Awareness. Kevin Styles. Certified Information Privacy Professional - Europe Member of International Association of Privacy professionals

The General Data Protection Regulation and use of health data: challenges for pharmaceutical regulation

Advanced Research Methodology Design Science. Sjaak Brinkkemper

An introduction to these key work products

The Information Commissioner s response to the Draft AI Ethics Guidelines of the High-Level Expert Group on Artificial Intelligence

250 Introduction to Applied Programming Fall. 3(2-2) Creation of software that responds to user input. Introduces

LAB3-R04 A Hard Privacy Impact Assessment. Post conference summary

The Alan Turing Institute, British Library, 96 Euston Rd, London, NW1 2DB, United Kingdom; 3

REVISITING ACCOUNTANTS ROLE IN THE ERA OF INFORMATION TECHNOLOGY ADVANCEMENT

Сonceptual framework and toolbox for digital transformation of industry of the Eurasian Economic Union

INDUSTRY 4.0 IN THE REGION OF STUTTGART

Privacy and the EU GDPR US and UK Privacy Professionals

Pan-Canadian Trust Framework Overview

The IEEE Global Initiative on Ethics of Autonomous and Intelligent Systems. FairWare2018, 29 May 2018

COUNTRY REPORT: TURKEY

Smart Energy Developements and Status for Germany. 4th German-Japanese Envionmental Dialog Forum

Lecture 7 Ethics, Privacy, and Politics in the Age of Data

Towards Code of Conduct on Processing of Personal Data for Purposes of Scientific Research in the Area of Health

DriveSweden KRABAT POLICY LAB. Maria Schnurr, RISE Viktoria VICTA Innovation Bazaar 8 February 2018

Artificial Intelligence, Business, and the Law

Artificial Intelligence and Society: the Challenges Ahead Yuko Harayama Executive Member Council for Science, Technology and Innovation (CSTI)

ISO/IEC JTC1/WG11 (IT aspects of) Smart Cities

APEC Internet and Digital Economy Roadmap

Towards a systemic approach to unlock the transformative power of service innovation

Metrology in the Digital Transformation

Distributed Artificial Intelligence Laboratory. Future in touch. at CeBIT 2014 on March, 10th to 14th, Hall 9, Booth A 44

Data users and data producers interaction: the Web-COSI project experience

HealthTech: What does it mean for compliance?

ARTICLE 29 Data Protection Working Party

IP Teaching in Science and Engineering Faculties

First Components Ltd, Savigny Oddie Ltd, & Datum Engineering Ltd. is pleased to provide the following

SMART CITY VNPT s APPROACH & EXPERIENCE. VNPT Group

PROJECT FACT SHEET GREEK-GERMANY CO-FUNDED PROJECT. project proposal to the funding measure

Privacy Preserving, Standard- Based Wellness and Activity Data Modelling & Management within Smart Homes

ACTIVITIES JANUARY - DECEMBER, Development Technology Compliance

Smart Grids (SG) and European policy

Global citizenship at HP. Corporate accountability and governance. Overarching message

TECHNOLOGICAL COOPERATION MISSION COMPANY PARTNER SEARCH

Denmark as a digital frontrunner

Framework Programme 7

Development of the Digital Agenda 2030 Indonesia: Advanced Industry 4.0 Strategy

A New Transit Intermodal Mobility Concept

Transforming while performing Deep Dive: Artificial Intelligence. Hype or not?

GDPR & Teknologiske Trends

SERBIA. National Development Plan. November

National approach to artificial intelligence

Presentation by Matthias Reister Chief, International Merchandise Trade Statistics

Joint Declaration of Intent. of the Ministry of Economy, Trade and Industry of Japan, the Ministry of Internal Affairs and Communications of Japan

Fintech in Italy: opportunities and challenges for the digital transformation

Roadmap for European Universities in Energy December 2016

Social Innovation and new pathways to social changefirst insights from the global mapping

ISACA Privacy Principles and Program Management Guide. Yves LE ROUX CISM, CISSP ISACA Privacy TF Chairman. Insert Date Here

mpowering the Nations

Strategic Plan Approved by Council 7 June 2010

Governance and Ethics of Nanotechnology

IAB Europe Guidance THE DEFINITION OF PERSONAL DATA. IAB Europe GDPR Implementation Working Group WHITE PAPER

What We Heard Report Inspection Modernization: The Case for Change Consultation from June 1 to July 31, 2012

Emerging Transportation Technology Strategic Plan for the St. Louis Region Project Summary June 28, 2017

MSc(CompSc) List of courses offered in

The new GDPR legislative changes & solutions for online marketing

The Game Changer: Privacy by Design

Should privacy impact assessments be mandatory? David Wright Trilateral Research & Consulting 17 Sept 2009

Smart cities: A human-centered approach Engineering and Construction Conference June 20 22, 2018

SMART DUBAI INSPIRING NEW REALITIES

Details of the Proposal

Executive Summary Industry s Responsibility in Promoting Responsible Development and Use:

MEDIA AND INFORMATION

The Privacy Case. Matching Privacy-Protection Goals to Human and Organizational Privacy Concerns. Tudor B. Ionescu, Gerhard Engelbrecht SIEMENS AG

Smart City Indicators

17 January 2017 Information and Networking Days Richard Stevens - IDC. e-sides Ethical and Societal Implications of Data Sciences

Workshop on Legal and Policy Frameworks for Geospatial Information Management

A Guide for Structuring and Implementing PIAs

How do you teach AI the value of trust?

We would be delighted to discuss your needs and how we could support you, so please get in touch. Our contact details appear on the final page.

Artificial Intelligence and Law. Latifa Al-Abdulkarim Assistant Professor of Artificial Intelligence, KSU

Great Minds. Internship Program IBM Research - China

Smart Grid Maturity Model: A Vision for the Future of Smart Grid

RIS3-MCAT Platform: Monitoring smart specialization through open data

Protection of Privacy Policy

Zeinab El-Sadr Ministry of Scientific Research, Egypt CAASTNet Stakeholders Meeting, Dakar Senegal 25 th April 2012

Responsible Data Use Policy Framework

Final Report. MAASiFiE. Report Nr 1.2 May 2017

DELIVERABLE SEPE Exploitation Plan

2. Evidence themes and their importance along the development path

IEEE IoT Vertical and Topical Summit - Anchorage September 18th-20th, 2017 Anchorage, Alaska. Call for Participation and Proposals

Draft executive summaries to target groups on industrial energy efficiency and material substitution in carbonintensive

COURSE SCHEDULE

EUROPEAN COMMITTEE ON CRIME PROBLEMS (CDPC)

Smart cities Europe. Eddy Hartog, Head of Unit Smart Mobility and Living DG CONNECT European Commission

Big Data & AI Governance: The Laws and Ethics

Transcription:

A Pattern Catalog for GDPR Compliant Data Protection Dominik Huth, 22.11.2017, PoEM Doctoral Consortium Chair of Software Engineering for Business Information Systems (sebis) Faculty of Informatics Technische Universität München wwwmatthes.in.tum.de

Digital Identities Health applications Social networks Search Engines Interests Diseases Education (or lack thereof) Travel destinations Shopping behavior Motion profile Habits Conditions Master data Contacts Interests Online behavior Pictures Online retailers Master data Interests Credit rating Credit cards Authorities Financial institutions Master data Transactions Credit rating Master data Tax records Criminal record Credit rating Car manufacturers Employer Master data Motion profile of car Telemetrics Mobility providers Payment information Location Motion profile Ratings Energy provider Master data Consumption profile Smart meters Master data Tax information Education Past employers 171122 Huth PoEM DC sebis 2

EU General Data Protection Regulation (GDPR) GDPR key elements New territorial scope, definitions, Extended rights for data subjects: transparency, portability, objection, notification of data breach, rectification, erasure, Principle of accountability, data protection by design and default Records of processing activities, data protection impact assessments Designation of Data Protection Officer, certification mechanisms Fines of up to 4% revenue for non-compliance How can compliance with the GDPR be practically supported in the organization, consisting of people, processes and IT systems? Tikkinen-Piri, C., Rohunen, A., & Markkula, J. (2017). EU General Data Protection Regulation: Changes and implications for personal data collecting companies. Computer Law and Security Review, (2017). (link) 171122 Huth PoEM DC sebis 3

Visions & Goals Questions & KPIs Principles & Standards Strategies & Projects Legal Aspects Security An Enterprise Architecture Model Business Architecture Business Capabilities Organization & Processes Business Services Applications & Databases Infrastructure Services Infrastructure Elements Buckl, S., Ernst, A. M., Lankes, J., & Matthes, F. (2008). Enterprise Architecture Management Pattern Catalog. Sebis, TU München, (February), 322. (link) 171122 Huth PoEM DC sebis 4

Privacy by Design LINDDUN Method Privacy Patterns (PRIPARE project) Privacy Engineering Legal advice (Situational) Method Engineering Existing work for GDPR compliance Business Capabilities Organization & Processes Business Services Applications & Databases Infrastructure Services Infrastructure Elements 171122 Huth PoEM DC sebis 5

Pattern-based theory building Pattern-Based Design Research Grounding theories Organized collection of reusable practice-proven solutions Guide & structure Design Theories select Solution design Observe & conceptualize Pattern Language Pattern candidates configure Theory Practice Configured design learn deviations Instantiated solution Observations Buckl, S., Matthes, F., Schneider, A. W., & Schweda, C. M. (2013). Pattern-Based Design Research An Iterative Research Method Balancing Rigor and Relevance. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7939 LNCS, pp. 73 87). (link) 171122 Huth PoEM DC sebis 6

Requirements Stakeholders Solutions Pattern-Based Design Research Legal Advice Privacy Standards & Frameworks Method Engineering Privacy Engineering Guide & structure RQ1 GDPR Pattern Catalog RQ5 select Solution design Observe & conceptualize configure Theory RQ2 RQ4 Practice RQ3 GDPR project (planned) learn deviations GDPR project (executed) Observations Buckl, S., Matthes, F., Schneider, A. W., & Schweda, C. M. (2013). Pattern-Based Design Research An Iterative Research Method Balancing Rigor and Relevance. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7939 LNCS, pp. 73 87). (link) 171122 Huth PoEM DC sebis 7

Research Question 1 RQ1: Which conceptual frameworks exist that can be instrumented to describe regulatory requirements and the design of possible solutions? Goal: Literature study to structure existing work Possibly synthesize the knowledge in new visualizations Questions: What are relevant areas to consider, additional to what was presented in the existing work section? Are the areas represented correctly or do you disagree? 171122 Huth PoEM DC sebis 8

Research Question 2 RQ2: What are the elementary requirements of the GDPR and how can they be modeled with the existing concepts? Goal: Cooperation with legal expert at the chair: Taxonomy of Requirements (rights, obligation, condition, ) Visual approach for the requirements? Questions Could Articles/Requirements be represented using Ontologies? Is there any process support? 171122 Huth PoEM DC sebis 9

Research Question 3 RQ3: How is GDPR compliance achieved in practice? Goal: What is the process of adapting to a new regulation? Interview data protection officers from industry partners (individual and in workshops) Structured questionnaires to larger audience as soon as structure has evolved Questions Do you know of existing studies about GDPR practice? 171122 Huth PoEM DC sebis 10

Research Question 4 RQ4: How effective are the solutions that were identified as patterns? Goal: Collect positive and negative experiences with single patterns Survey among industry partners / participants of the GDPR workshop Questions Does it make sense to try to judge about effectiveness of patterns? Is this possible when considering a range of solutions (technical, organizational, cultural, strategic)? 171122 Huth PoEM DC sebis 11

Research Question 5 RQ5: How are solution options interrelated with each other? Which solutions are independent, which require other actions, and which replace other solution options? Goal: Dependency model of the identified solution options 171122 Huth PoEM DC sebis 12

Requirements Stakeholders Solutions Pattern-Based Design Research Legal Advice Privacy Standards & Frameworks Method Engineering Privacy Engineering Guide & structure RQ1 GDPR Pattern Catalog RQ5 select Solution design Observe & conceptualize configure Theory RQ2 RQ4 Practice RQ3 GDPR project (planned) learn deviations GDPR project (executed) Observations Buckl, S., Matthes, F., Schneider, A. W., & Schweda, C. M. (2013). Pattern-Based Design Research An Iterative Research Method Balancing Rigor and Relevance. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7939 LNCS, pp. 73 87). (link) 171122 Huth PoEM DC sebis 13

Questions to the audience Is it too early, too late or just the right time to do this work? Are patterns a suitable tool to support the implementation of a new concept? How to structure the process of knowledge extraction from industry? 171122 Huth PoEM DC sebis 14

Dipl. Math.oec. Dominik Huth Technische Universität München Faculty of Informatics Chair of Software Engineering for Business Information Systems Boltzmannstraße 3 85748 Garching bei München Tel +49.89.289. 17128 Fax +49.89.289.17136 dominik.huth@tum.de wwwmatthes.in.tum.de

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback