Abstract
The exchange of sensitive information has become an important part of our daily lives. This does effect business and personal data. Data exchange is subject to legal regulations. Since May 2018, the European Data Protection Regulation (EU-GDPR) has specifically regulated the protection of personal data. The regulations and possible penalties for non-compliance still lead to uncertainty in many companies. This article exposes techniques in which day-to-day work can be designed in conformity with EU-GDPR. Therefore, we define privacy control patterns that transfer existing GDPR requirements into technical solution templates for compliant services. These patterns contain generally applicable guidelines in the sense of data protection and privacy. The catalogue of patterns serves as a book of reference for providers and users of ICT-services to reduce and overcome uncertainties associated with GDPR implementation and compliance. To demonstrate the implementation of our patterns, we introduce the application system EDV.
Recommended Citation
Rösch, Daniel; Schuster, Thomas; Waidelich, Lukas; and Alpers, Sascha, "Privacy Control Patterns for Compliant Application of GDPR" (2019). AMCIS 2019 Proceedings. 27.
https://aisel.aisnet.org/amcis2019/info_security_privacy/info_security_privacy/27
Privacy Control Patterns for Compliant Application of GDPR
The exchange of sensitive information has become an important part of our daily lives. This does effect business and personal data. Data exchange is subject to legal regulations. Since May 2018, the European Data Protection Regulation (EU-GDPR) has specifically regulated the protection of personal data. The regulations and possible penalties for non-compliance still lead to uncertainty in many companies. This article exposes techniques in which day-to-day work can be designed in conformity with EU-GDPR. Therefore, we define privacy control patterns that transfer existing GDPR requirements into technical solution templates for compliant services. These patterns contain generally applicable guidelines in the sense of data protection and privacy. The catalogue of patterns serves as a book of reference for providers and users of ICT-services to reduce and overcome uncertainties associated with GDPR implementation and compliance. To demonstrate the implementation of our patterns, we introduce the application system EDV.