Using Enterprise Architecture Models for Creating the Record of Processing Activities (Art. 30 GDPR)

Autor: Dominik Huth, Florian Matthes, Ahmet Tanakol
Rok vydání: 2019
Předmět:
Zdroj: EDOC
DOI: 10.1109/edoc.2019.00021
Popis: The record of processing activities (RPA) is a central document in demonstrating compliance with the General Data Protection Regulation (GDPR). Article 30 of the GDPR specifies the information that has to be made available to the supervisory authority upon request. Currently, data protection management experts conduct their own data collection and maintain isolated RPAs. We show how existing Enterprise Architecture models can be augmented with the necessary information to maintain and generate an RPA. We evaluate the completeness and usefulness of the approach together with data protection management experts.
Databáze: OpenAIRE