doiSerbia

Incorporating privacy by design in body sensor networks for medical applications: A privacy and data protection framework

Kalloniatis Christos (Dept. of Digital Systems, University of Piraeus, Piraeus, Greece), [email protected]
Lambrinoudakis Costas (Dept. of Digital Systems, University of Piraeus, Piraeus, Greece), [email protected]
Musahl Mathias (German Research Center for Artificial Intelligence, Kaiserslautern, Germany), [email protected]
Kanatas Athanasios (Dept. of Digital Systems, University of Piraeus, Piraeus, Greece), [email protected]
Gritzalis Stefanos (Dept. of Digital Systems, University of Piraeus, Piraeus, Greece), [email protected]

Privacy and Data protection are highly complex issues within eHealth/M-Health systems. These systems should meet specific requirements deriving from the organizations and users, as well as from the variety of legal obligations deriving from GDPR that dictate protection rights of data subjects and responsibilities of data controllers. To address that, this paper proposes a Privacy and Data Protection Framework that provides the appropriate steps so as the proper technical, organizational and procedural measures to be undertaken. The framework, beyond previous literature, supports the combination of privacy by design principles with the newly introduced GDPR requirements in order to create a strong elicitation process for deriving the set of the technical security and privacy requirements that should be addressed. It also proposes a process for validating that the elicited requirements are indeed fulfilling the objectives addressed during the Data Protection Impact Assessment (DPIA), carried out according to the GDPR.

Keywords: privacy protection, data protection, GDPR, Framework