A Data Protection Impact Assessment Methodology for Cloud
We propose a data protection impact assessment (DPIA) method based on successive questionnaires for an initial screening and for a full screening for a given project. These were tailored to satisfy the needs of Small and Medium Enterprises (SMEs) that intend to process personal data in the cloud. The approach is based on legal and socio-economic analysis of privacy issues for cloud deployments and takes into consideration the new requirements for DPIAs within the European Union (EU) as put forward by the proposed General Data Protection Regulation (GDPR). The resultant features have been implemented within a tool.
Rehab Alnemr, Erdal Cayirci, Lorenzo Dalla Corte, Alexandr Garaga, Ronald Leenes, Rodney Mhungu, Siani Pearson, Chris Reed, Anderson Santana de Oliveira, Dimitra Stefanatou, Katerina Tetrimida and Asma Vranaki , "A Data Protection Impact Assessment Methodology for Cloud", Privacy Technologies and Policy, Third Annual Privacy Forum, APF 2015, Luxembourg, Luxembourg, October 7-8, 2015, Revised Selected Papers, Volume 9484 of the series Lecture Notes in Computer Science, Pages 60-92, Print ISBN 978-3-319-31455-6, Online ISBN 978-3-319-31456-3, Springer International Publishing, DOI: 10.1007/978-3-319-31456-3_4.