A Structured Approach to GDPR Compliance
CAPODIECI A.;MAINETTI L.
2020-01-01
Abstract
The European General Data Protection Regulation (GDPR, EU 2016/679), adopted by the European Parliament, has profoundly changed the European Union's legislative approach to the protection of personal data. The GDPR provisions require organizations to make deep changes. Organizations have to shift from an approach based on the adoption of minimum security measures, provided by the EU Directive of 1994, to a proactive approach based on accountability. Organizations that manage personal data of EU citizens have to adopt systems of verification and continuous improvement, and adopt principles such as privacy by design and privacy by default. The rule of “privacy by design” calls for privacy to be taken into account throughout the whole engineering process. A key point is the set of methods for checking compliance with the GDPR. This paper proposes a structured approach, based on business process modelling, to support compliance with the GDPR. We have identified an approach intended to identify the most important key points for GDPR compliance.