A Methodology to Validate Compliance to the GDPR

University essay from Göteborgs universitet/Institutionen för data- och informationsteknik

Abstract: This study analyses two state-of-the-art methodologies for eliciting privacy threatsin software contexts, LINDDUN and PIA. A first goal is to understand the limitationsof these methodologies in terms of compliance to the provisions of the robustGeneral Data Protection Regulation (GDPR). A second goal is to improve the firstmethodology by addressing its limitations and proving a more complete coveragewith regards to the regulation. The study is divided into two phases; an analysisof the current coverage of the two methodologies and the development of anextended version of LINDDUN. The extended LINDDUN includes a privacy-awareData Flow Diagram and extensions of the Content Unawareness and Policy and Noncompliancethreat trees, as well as developed rules for defining where in a softwaredesign a privacy threat commonly exists. It was observed that PIA was consideredmore effective than LINDDUN in identifying design issues related to GDPR. Whilethe extended version of LINDDUN showed to provide a more complete coveragethan the original LINDDUN.

  AT THIS PAGE YOU CAN DOWNLOAD THE WHOLE ESSAY. (follow the link to the next page)