Personal Data Protection Inside and Out Integrating - Data Protection Requirements in the Data Lifecycle

Details

Ressource 1Download: 239-Article Text-927-1-10-20201126.pdf (362.13 [Ko])
State: Public
Version: Final published version
License: CC BY-SA 4.0
Serval ID
serval:BIB_3508D2372192
Type
Article: article from journal or magazin.
Collection
Publications
Institution
Title
Personal Data Protection Inside and Out Integrating - Data Protection Requirements in the Data Lifecycle
Journal
Enterprise Modelling and Information Systems Architectures (EMISAJ)
Author(s)
Labadie Clément, Legner Christine
Publication state
Published
Issued date
26/11/2020
Peer-reviewed
Oui
Volume
15
Number
9
Pages
1-20
Language
english
Abstract
Personal data is increasingly positioned as a valuable asset. While individuals generate and expose ever-expanding volumes of personal information online, certain tech companies have built their business models on the personal data they gather. In this context, lawmakers are revising data protection regulations in order to provide individuals with enhanced rights and set new rules regarding the way corporations collect, manage, and share personal information. We argue that recent data protection regulatory frameworks such as the European Union’s General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA) are fundamentally about data management. Yet, there have been no attempts to analyze the regulations in terms of their implications on the data life cycle. In this paper, we systematically analyze the GDPR and the CCPA, and identify their implications on the data life cycle. To synthesize our findings, we propose a semi-formal notation of the resulting changes on the personal data life cycle, in the form of a process and data model governed by business rules, consolidated in a reference personal data life cycle model for data protection. To the best of our knowledge, this study represents one of the first attempts to provide a data-centric view on data protection regulatory requirements.
Keywords
Data lifecycle, Data protection, Personal data, Regulatory compliance
Open Access
Yes
Funding(s)
Other / Competence Center Corporate Data Quality (CC CDQ)
Create date
01/12/2020 0:57
Last modification date
01/12/2020 7:08
Usage data