Enterprise Architecture Patterns for GDPR Compliance

Clara Teixeira, André Vasconcelos, Pedro Sousa, Mª Marques

Abstract

With the growth of technology and the increasing personalization and customization of internet experiences, more and more personal data is being stored and processed. In some cases, the data subject has not agreed to the retrieval of the data or to the purpose of the processing. To address this, the European Union (EU) Parliament approved the General Data Protection Regulation (GDPR), a regulation that has the data subjects' interests in mind. Since some of its concepts and requirements are hard to comprehend, patterns can help system architects and engineers deliver GDPR-compliant information systems. It is important to emphasize that these privacy-related concerns should be addressed at the design level, not after implementation. This methodology is mostly known as privacy by design. This work focuses on the requirements brought by the GDPR and on providing enterprise architecture patterns to achieve GDPR compliance by proposing a library of patterns. The library is organized into 11 use cases, each with the GDPR principles it addresses; it contains 22 patterns, each handling one or more use cases and modeled in ArchiMate for a clearer understanding of the solutions. The patterns are applied to a case study, and the impacts are assessed.


Paper Citation


in Harvard Style

Teixeira C., Vasconcelos A., Sousa P. and Marques M. (2021). Enterprise Architecture Patterns for GDPR Compliance. In Proceedings of the 23rd International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-509-8, pages 715-725. DOI: 10.5220/0010441307150725


in Bibtex Style

@conference{iceis21,
author={Clara Teixeira and André Vasconcelos and Pedro Sousa and Mª Marques},
title={Enterprise Architecture Patterns for GDPR Compliance},
booktitle={Proceedings of the 23rd International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2021},
pages={715-725},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010441307150725},
isbn={978-989-758-509-8},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 23rd International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - Enterprise Architecture Patterns for GDPR Compliance
SN - 978-989-758-509-8
AU - Teixeira C.
AU - Vasconcelos A.
AU - Sousa P.
AU - Marques M.
PY - 2021
SP - 715
EP - 725
DO - 10.5220/0010441307150725