Process SDLC-GDPR: Towards the Development of Secure and Compliant Applications

Michele B. Freitas, V. M. Araujo, J. Magalhães
{"title":"Process SDLC-GDPR: Towards the Development of Secure and Compliant Applications","authors":"Michele B. Freitas, V. M. Araujo, J. Magalhães","doi":"10.1109/ICAISC56366.2023.10085308","DOIUrl":null,"url":null,"abstract":"With the full application of the General Data Protection Regulation (GDPR) in the EU on 25 May 2018, data protection by design and by default become a legal obligation. The GDPR requires organizations to adapt how they handle and protect personal and sensitive data. Explicit consent for data collection and processing, report security problems affecting personal data and the appointment of a data controller (DPO) has become mandatory and is already being complied with. However, issues like security by default and by design, from a practical perspective, are still taking the first steps. In this paper we propose a process to support the software development with the essential requirements for obtaining protection and privacy in personal data. The encompasses six procedures, aligned with the SDLC cycle. Each procedure is composed of activities and reference documents. 
By adopting a process like we propose, organizations achieve greater compliance between the software and the GDPR, contributing to the personal data protection, as well as, the reduction of potential fines and protection against possible financial and trust/reputation losses.","PeriodicalId":422888,"journal":{"name":"2023 1st International Conference on Advanced Innovations in Smart Cities (ICAISC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 1st International Conference on Advanced Innovations in Smart Cities (ICAISC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICAISC56366.2023.10085308","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 0

Abstract

With the full application of the General Data Protection Regulation (GDPR) in the EU on 25 May 2018, data protection by design and by default became a legal obligation. The GDPR requires organizations to adapt how they handle and protect personal and sensitive data. Explicit consent for data collection and processing, reporting of security problems affecting personal data, and the appointment of a data controller (DPO) have become mandatory and are already being complied with. However, issues like security by default and by design are, from a practical perspective, still taking their first steps. In this paper we propose a process to support software development with the essential requirements for obtaining protection and privacy of personal data. The process encompasses six procedures, aligned with the SDLC cycle. Each procedure is composed of activities and reference documents. By adopting a process like the one we propose, organizations achieve greater compliance between the software and the GDPR, contributing to personal data protection as well as to the reduction of potential fines and protection against possible financial and trust/reputation losses.