2019
Conference article  Open Access

Integrating access control and business process for GDPR compliance: A preliminary study

Calabrò A., Daoudagh S., Marchetti E.

Access Control  Business Process  GDPR Compliance 

Currently, the scientific communities and private companies are actively working to provide theoretical and practical solutions for enforcing the adoption of the General Data Protection Regulation (GDPR) and its compliance problem. In line with the principle of data protection by design, the paper proposes an approach for the automation and enforcement of GDPR requirements. The idea is to extend the currently adopted access control mechanisms so to leverage them to the enforcement of GDPR compliance during business activities of data management and analysis. From a practical point of view, this means to integrate into the existing business processes specific facilities for assisting in the design, development, maintenance, and verification of the GDPR requirements as well as to modify the language and architecture of the access control systems so as to let the management of GDPR principles and obligations. For this, the basic steps of the proposed approach are provided as well as an example used to clarify the integrated use of access control systems and business process models.

Source: ITASEC19 - Italian Conference on Cybersecurity, pisa, 12-15/02/2019

Publisher: M. Jeusfeld c/o Redaktion Sun SITE, Informatik V, RWTH Aachen., Aachen, Germania



Back to previous page
BibTeX entry
@inproceedings{oai:it.cnr:prodotti:415737,
	title = {Integrating access control and business process for GDPR compliance: A preliminary study},
	author = {Calabrò A. and Daoudagh S. and Marchetti E.},
	publisher = {M. Jeusfeld c/o Redaktion Sun SITE, Informatik V, RWTH Aachen., Aachen, Germania},
	booktitle = {ITASEC19 - Italian Conference on Cybersecurity, pisa, 12-15/02/2019},
	year = {2019}
}
CNR ExploRA

Bibliographic record

ISTI Repository

Published version Open Access

Also available from

dblp.orgOpen Access