Authors:
Ana Ferreira
;
Pedro Vieira-Marques
and
Rute Almeida
Affiliation:
RISE-Health, Department of Community Medicine, Information and Health Decision Sciences, Faculty of Medicine, University of Porto, Porto, Portugal
Keyword(s):
GDPR Compliance, Privacy by Design, User Centered Research.
Abstract:
In a time when various regulations and directives are enforced within the European cyberspace regarding cybersecurity and data protection, General Data Protection Regulation (GDPR) requirements are still far from being completely understood and integrated into the practice of individuals personal and sensitive data processing. Having clear directions of what is needed to protect the privacy of personal data is essential but even more, is the availability of tools and mechanisms that can provide easy, structured and, hopefully, more automated ways to implement those requirements in practice. After more than six years of GDPR enforcement, how are people aware, knowledgeable and prepared to comply with GDPR in their daily practice? Moreover, what still needs to be done to improve this process? This work presents the results of a survey aimed to collect the perceptions, preferences and needs regarding interactive and assistive tools, together with its content, to support GDPR compliance
in practice. Participants (n=62) from varied backgrounds and experiences agreed that such tools are very needed and can have beneficial impact in terms of Privacy, Knowledge, Efficiency and Productivity, but also in terms of Safety. Results also show that stakeholders who frequently need to perform personal data processing, do not many times have the knowledge, experience or required support to put compliance procedures into practice, and within their context. Our study contributes to understanding what content and functionalities a GDPR compliance tool must include to support those stakeholders.
(More)