Enhancing privacy awareness through a novel BPMN based methodology
Capodieci, Antonio; Mainetti, Luca; Paiano, Roberto; Matino, Sara
2024-01-01
Abstract
The European Parliament adopted the European General Data Protection Regulation (GDPR, EU 2016/679), which revolutionized the legislative framework for personal data protection within the European Union. The GDPR mandates organizations to shift from a passive approach, relying on minimum security measures outlined in the 1994 EU Directive, to a proactive accountability-based approach. Organizations are expected to implement verification systems, foster continuous improvement, and follow principles such as privacy by design and privacy by default. The latter principle emphasizes incorporating privacy considerations throughout the entire engineering process. The challenge for organizations lies in effectively auditing their compliance with the GDPR. This study proposes a structured approach based on business process modeling to aid in GDPR compliance. It involves identifying crucial compliance points for the GDPR. A case study is presented where the method is applied to the process of purchasing a health insurance policy in the context of the Secure Safe Apulia project.

File | Size | Format |
---|---|---|
s11042-024-20308-6.pdf (authorized users only). Description: Product. Type: Publisher's version. License: Publisher's copyright | 967.16 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.