Authors:
Clara Teixeira 1; André Vasconcelos 1; Pedro Sousa 1 and Mª João Marques 2
Affiliations:
1 Instituto Superior Técnico, Avenida Rovisco Pais 1, Lisbon, Portugal
2 Administrative Modernization Agency, Rua de Santa Marta 55, Lisbon, Portugal
Keyword(s):
GDPR, Compliance, Personal Data, Enterprise Architecture Patterns.
Abstract:
With the growth of technology and the personalization and customization of internet experiences, ever more personal data is stored and processed. In some cases the data subject has not consented to the collection of the data or to the purpose of its processing. To address this, the European Union (EU) Parliament approved the General Data Protection Regulation (GDPR), a regulation written with the data subjects' interests in mind. Since some of its concepts and requirements are hard to comprehend, patterns can help system architects and engineers deliver GDPR-compliant information systems. It is important to emphasize that these privacy-related concerns should be addressed at the design level, not after implementation; this approach is known as privacy by design. This work focuses on the requirements introduced by the GDPR and provides enterprise architecture patterns for achieving GDPR compliance by proposing a library of patterns. The library is organized into 11 use cases, each mapped to the GDPR principles it addresses; it contains 22 patterns, each handling one or more use cases, modeled in ArchiMate for a clearer understanding of the solutions. The patterns are applied to a case study, and their impacts are assessed.