Abstract
The General Data Protection Regulation requires, inter alia, the establishment of technical and organizational measures to ensure privacy properties. Software developers face the challenge of identifying these properties and suitable privacy enhancing techniques (PET). We conduct a literature study and identify eight privacy engineering approaches, which we analyze for their coverage of the GDPR privacy properties and for their support in software development phases. We conclude that recent privacy engineering approaches have the conceptual background to cover the GDPR, but advocate research on the integration of privacy concerns in software development processes.
Recommended Citation
Huth, Dominik and Matthes, Florian, "“Appropriate Technical and Organizational Measures”: Identifying Privacy Engineering Approaches to Meet GDPR Requirements" (2019). AMCIS 2019 Proceedings. 5.
https://aisel.aisnet.org/amcis2019/info_security_privacy/info_security_privacy/5
“Appropriate Technical and Organizational Measures”: Identifying Privacy Engineering Approaches to Meet GDPR Requirements
The General Data Protection Regulation requires, inter alia, the establishment of technical and organizational measures to ensure privacy properties. Software developers face the challenge of identifying these properties and suitable privacy enhancing techniques (PET). We conduct a literature study and identify eight privacy engineering approaches, which we analyze for their coverage of the GDPR privacy properties and for their support in software development phases. We conclude that recent privacy engineering approaches have the conceptual background to cover the GDPR, but advocate research on the integration of privacy concerns in software development processes.