Toward GDPR-Compliant Socio-Technical Systems: Modeling Language and Reasoning Framework
نویسندگان
چکیده
Privacy is a key aspect for the European Union (EU), where it is regulated by a specific law, the General Data Protection Regulation (GDPR). Compliance to the GDPR is a problem for organizations, it imposes strict constraints whenever they deal with personal data and, in case of infringement, it specifies severe consequences such as legal and monetary penalties. Such organizations frequently are complex systems, where personal data is processed by humans and technical services. Therefore, it becomes fundamental to consider privacy from the social perspective when designing such system, i.e., when relations between different components are specified. This is, indeed, also specified in the GDPR, which encourages to apply privacy-by-design principles. This paper proposes a method to support the design of GDPR compliant systems, based on a socio-technical approach composed of a modeling language and a reasoning framework.
منابع مشابه
Information Quality Requirements Engineering: a Goal-based Modeling and Reasoning Approach
Information Quality (IQ) has been always a growing concern for most organizations, since they depend on information for managing their daily tasks, delivering their services to their costumers, making important decisions, etc., and relying on low-quality information may negatively influence their overall performance, or even disasters in the case of critical systems (e.g., air traffic managemen...
متن کاملManaging Security Requirements Conflicts in Socio-Technical Systems
Requirements are inherently prone to conflicts, for they originate from stakeholders with different, often opposite, needs. Security requirements are no exception. Importantly, their violation leads to severe effects, including privacy infringement, legal sanctions, and exposure to security attacks. Today’s systems are Socio-Technical Systems (STSs): they consist of autonomous participants (hum...
متن کاملModelling and reasoning about security requirements in socio-technical systems
Modern software systems operate within the context of larger socio-technical systems, wherein they interact—by exchanging data and outsourcing tasks—with other technical components, humans, and organisations. When interacting, these components (actors) operate autonomously; as such, they may disclose confidential information without being authorised, wreck the integrity of private data, rely on...
متن کاملModeling and Analyzing Information Quality Requirements of Socio-technical Systems: Experience Report
Information Quality (IQ) is particularly important for the efficient performance of any system. Despite this, most of the Requirements Engineering (RE) frameworks either ignore IQ needs, or they deal with them as mere technical issues, i.e., they do not consider the social and organizational aspects that underlie such needs. This paper summarizes the experience of the authors in modeling and an...
متن کاملSTS-Tool: Security Requirements Engineering for Socio-Technical Systems
We present the latest version of STS-Tool, the modelling and analysis support tool for STS-ml, an actorand goal-oriented security requirements modelling language for socio-technical systems. We show how the STS-Tool supports requirements analysts and security designers in (i) modelling socio-technical systems as a set of interacting actors, who have security needs over their interactions, and (...
متن کامل