A Model-based Conceptualization of Requirements for Compliance Checking of Data Processing against GDPR

Orlando Amaral, Sallam Abualhaija, Mehrdad Sabetzadeh, Lionel Briand

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The General Data Protection Regulation (GDPR) has been recently introduced to harmonize the different data privacy laws across Europe. Whether inside the EU or outside, organizations have to comply with the GDPR as long as they handle personal data of EU residents. The organizations with whom personal data is shared are referred to as data controllers. When controllers subcontract certain services that involve processing personal data to service providers (also known as data processors), then a data processing agreement (DPA) has to be issued. This agreement regulates the relationship between the controllers and processors and also ensures the protection of individuals' personal data. Compliance with the GDPR is challenging for organizations since it is large and relies on complex legal concepts. In this paper, we draw on model-driven engineering to build a machine-analyzable conceptual model that characterizes DPA-related requirements in the GDPR. Further, we create a set of criteria for checking the compliance of a given DPA against the GDPR and discuss how our work in this paper can be adapted to develop an automated compliance checking solution.

Original language: English
Title of host publication: Proceedings - 29th IEEE International Requirements Engineering Conference Workshops, REW 2021
Editors: Tao Yue, Mehdi Mirakhorli
Publisher: IEEE Computer Society
Pages: 16-20
Number of pages: 5
ISBN (Electronic): 9781665418980
Publication status: Published - Sep 2021
Externally published: Yes
Event: 29th IEEE International Requirements Engineering Conference Workshops, REW 2021 - Virtual, Notre Dame, United States
Duration: 20 Sep 2021 - 24 Sep 2021

Publication series

Name: Proceedings of the IEEE International Conference on Requirements Engineering
Volume: 2021-September
ISSN (Print): 1090-705X
ISSN (Electronic): 2332-6441

Conference

Conference: 29th IEEE International Requirements Engineering Conference Workshops, REW 2021
Country/Territory: United States
City: Virtual, Notre Dame
Period: 20/09/21 - 24/09/21

Keywords

  • Conceptual Modeling
  • Data Processing Agreements
  • General Data Protection Regulation (GDPR)
  • Qualitative Research
  • Regulatory Compliance
