Using Enterprise Architecture Models for Creating the Record of Processing Activities (Art. 30 GDPR)
Author: | Dominik Huth, Florian Matthes, Ahmet Tanakol |
---|---|
Year of publication: | 2019 |
Subject: | Data collection; Process management; Enterprise architecture management; Computer science; ArchiMate; 020204 information systems; General Data Protection Regulation; Completeness (order theory); 0202 electrical engineering electronic engineering information engineering; Data Protection Act 1998; 020201 artificial intelligence & image processing; 02 engineering and technology; NIST Enterprise Architecture Model |
Source: | EDOC |
DOI: | 10.1109/edoc.2019.00021 |
Description: | The record of processing activities (RPA) is a central document in demonstrating compliance with the General Data Protection Regulation (GDPR). Article 30 of the GDPR specifies the information that has to be made available to the supervisory authority upon request. Currently, data protection management experts conduct their own data collection and maintain isolated RPAs. We show how existing Enterprise Architecture models can be augmented with the necessary information to maintain and generate an RPA. We evaluate the completeness and usefulness of the approach together with data protection management experts. |
Database: | OpenAIRE |