Integrating access control and business process for GDPR compliance: a preliminary study

Calabrò A.; Daoudagh S.; Marchetti E.
2019

Abstract

Currently, scientific communities and private companies are actively working to provide theoretical and practical solutions for enforcing the adoption of the General Data Protection Regulation (GDPR) and addressing its compliance problem. In line with the principle of data protection by design, this paper proposes an approach for the automation and enforcement of GDPR requirements. The idea is to extend the access control mechanisms currently in use so as to leverage them for the enforcement of GDPR compliance during the business activities of data management and analysis. From a practical point of view, this means integrating into existing business processes specific facilities that assist in the design, development, maintenance, and verification of GDPR requirements, and modifying the language and architecture of access control systems so that they can manage GDPR principles and obligations. To this end, the basic steps of the proposed approach are presented, together with an example that clarifies the integrated use of access control systems and business process models.
Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI
Keywords: Access control; Business process; GDPR compliance
Files in this item:
prod_415737-doc_150871.pdf (open access)
Description: Integrating access control and business process for GDPR compliance: A preliminary study
Type: Publisher's version (PDF)
License: Creative Commons
Size: 581.41 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14243/374751
Citations:
  • Scopus: 5