A Methodology to Validate Compliance to the GDPR
Typ
Examensarbete för masterexamen
Program
Publicerad
2018
Författare
Ekdahl, Axel
Nyman, LĂdia
Modellbyggare
Tidskriftstitel
ISSN
Volymtitel
Utgivare
Sammanfattning
This study analyses two state-of-the-art methodologies for eliciting privacy threats
in software contexts, LINDDUN and PIA. A first goal is to understand the limitations
of these methodologies in terms of compliance to the provisions of the robust
General Data Protection Regulation (GDPR). A second goal is to improve the first
methodology by addressing its limitations and proving a more complete coverage
with regards to the regulation. The study is divided into two phases; an analysis
of the current coverage of the two methodologies and the development of an
extended version of LINDDUN. The extended LINDDUN includes a privacy-aware
Data Flow Diagram and extensions of the Content Unawareness and Policy and Noncompliance
threat trees, as well as developed rules for defining where in a software
design a privacy threat commonly exists. It was observed that PIA was considered
more effective than LINDDUN in identifying design issues related to GDPR. While
the extended version of LINDDUN showed to provide a more complete coverage
than the original LINDDUN.
Beskrivning
Ă„mne/nyckelord
Privacy , Privacy Threat Modeling , GDPR , LINDDUN , PIA , GDPR compliance , Privacy Impact Assessment