{"title":"Process SDLC-GDPR: Towards the Development of Secure and Compliant Applications","authors":"Michele B. Freitas, V. M. Araujo, J. Magalhães","doi":"10.1109/ICAISC56366.2023.10085308","DOIUrl":null,"url":null,"journal":{"name":"2023 1st International Conference on Advanced Innovations in Smart Cities (ICAISC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-01-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2023 1st International Conference on Advanced Innovations in Smart Cities (ICAISC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICAISC56366.2023.10085308","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Process SDLC-GDPR: Towards the Development of Secure and Compliant Applications
With the full application of the General Data Protection Regulation (GDPR) in the EU on 25 May 2018, data protection by design and by default became a legal obligation. The GDPR requires organizations to adapt how they handle and protect personal and sensitive data. Explicit consent for data collection and processing, the reporting of security problems affecting personal data, and the appointment of a data controller (DPO) have become mandatory and are already being complied with. However, issues like security by default and by design are, from a practical perspective, still taking their first steps. In this paper we propose a process to support software development with the essential requirements for obtaining protection and privacy of personal data. The process encompasses six procedures, aligned with the SDLC cycle. Each procedure is composed of activities and reference documents. By adopting a process like the one we propose, organizations achieve greater compliance between the software and the GDPR, contributing to personal data protection as well as to the reduction of potential fines and protection against possible financial and trust/reputation losses.