ABSTRACT
High returns on processing personal data and low penalties for privacy violations meant that protecting privacy was often not treated as a priority. To counter this and to harmonize data protection law across the European Union, the EU adopted the General Data Protection Regulation (GDPR), which clarifies the rights of data subjects and requires an appropriate level of privacy protection.
Through severe penalties for non-compliance (up to 2% or 4% of annual worldwide turnover, or EUR 10 million or 20 million, whichever is higher, depending on the infringement), the GDPR puts strong pressure on organizations to comply with its requirements. However, studies have shown that organizations are often overwhelmed by what those requirements actually demand.
In this paper, we therefore aim to help organizations understand this complex topic by providing an ontology-based data protection knowledge base that makes explicit the interdependence between the GDPR and information security.
- An Ontology Capturing the Interdependence of the General Data Protection Regulation (GDPR) and Information Security