GDPR-Compliant Data Processing: Practical Considerations | SpringerLink
  • Conference paper
Information Systems (EMCIS 2021)

Abstract

We provide actionable guidance to organizations needing to comply with the European General Data Protection Regulation (GDPR). We use a data processing pipeline – Data collection, Data protection, and Data operations – to structure the discussion around regulation requirements (with references to specific articles and recitals), socio-technical challenges, and applicable security best practices and techniques. Ensuring compliance is critical, since fines for infringements can reach 4% of the organization's total worldwide annual turnover in the preceding financial year.



Corresponding author

Correspondence to Paulo Rupino da Cunha .

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Cite this paper

Almeida, J., da Cunha, P.R., Pereira, A.D. (2022). GDPR-Compliant Data Processing: Practical Considerations. In: Themistocleous, M., Papadaki, M. (eds) Information Systems. EMCIS 2021. Lecture Notes in Business Information Processing, vol 437. Springer, Cham. https://doi.org/10.1007/978-3-030-95947-0_36

  • DOI: https://doi.org/10.1007/978-3-030-95947-0_36

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-95946-3

  • Online ISBN: 978-3-030-95947-0

  • eBook Packages: Computer Science (R0)
