TECHNICAL AND LEGAL ASPECTS OF DATABASE'S SECURITY IN THE LIGHT OF IMPLEMENTATION OF GENERAL DATA PROTECTION REGULATION

Paweł Drąg, Mateusz Szymura

Abstract


In the modern era, information is not only a valuable commodity, but also a potential source of threat, especially when it comes to personal data. The implementation of the General Data Protection Regulation seeks to unify regulations and safeguards in a same manner across the EU. The following paper surveys how the legal aspects of GDPR influence the existing technical framework of databases containing personal data. In this research we want to show if the already existing technical infrastructure and safeguards implemented in databases containing personal data are sufficient and if not, if implementing new ways of protecting of data will require creating entire new system of databases or only changing of existing framework. Therefore, we combine an analysis of legal texts with a technical analysis of existing and newly implemented safeguards. While the GDPR doesn’t answer what safeguards should be implemented (in the spirit of technological neutrality), the notion of pseudonymisation of the data is strongly advocated through the Regulation. In our paper we tried to show the algorithm, which create a pseudonymisation function that can change personal data into generic data with the possibility to reverse that process ad utilise data after de-pseudonymisation. Implementing safeguards based on the following function create a more safe environment for data safekeeping, while give nearly immediate access to data for authorised person, who can reverse pseudonymisation and transform generic data once more into personal data.

Keywords


Data Protection Regulation, Database, Security

Full Text:

PDF

References


Anisetti, M., Ardagna, C., Bellandi, V., Cremonini, M., Frati, F., Damiani, E. (2018). Privacy-aware Big Data Analytics as a service for public health policies in smart cities. Sustainable Cities and Society, vol. 39, pp. 68-77. https://doi.org/10.1016/j.scs.2017.12.019.

Antignac, T., Scandariato, R., Schneider, G. (2016). A privacy-aware conceptual model for handling personal data. In: Margaria T., Steffen B. (eds.), International Symposium on Leveraging Applications of Formal Methods, pp. 942-957, Springer. https://doi.org/10.1007/978-3-319-47166-2_65.

Bauer, C.R.K.D., Ganslandt, T., Baum, B., Christoph, J., Engel, I., Löbe, M., Mate, S., Stäubert, S., Drepper, J., Prokosch, H.-U., Winter, A., Sax, U. (2016). Integrated Data Repository Toolkit (IDRT). A Suite of Programs to Facilitate Health Analytics on Heterogeneous Medical Data. Methods of Information in Medicine, vol. 55, np 2, pp 125-135. https://doi.org/10.3414/ME15-01-0082.

Demir, L., Kumar, A., Cunche, M., Lauradoux, C. (2017). The Pitfalls of Hashing for Privacy. IEEE Communications Surveys and Tutorials, vol. 20, pp 551 - 565. . https://doi.org/10.1109/COMST.2017.2747598.

Duncan, B., Whittington, M. (2017). Creating and Configuring an Immutable Database for Secure Cloud Audit Trail and System Logging. International Journal On Advances in Security, vol.10, no. 3-4, pp. 155-166.

General Data Protection Regulation, GDPR. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Hintze, M. (2016). Viewing the GDPR through a de-identification lens: a tool for compliance, clarification, and consistency. International Data Privacy Law. https://doi.org/10.1093/idpl/ipx020.

Hu, R., Stalla-Bourdillon, S., Yang, M., Schiavo, V., Sassone, V. (2017). Bridging Policy, Regulation, and Practice? A Techno-Legal Analysis of Three Types of Data in the GDPR. Hu, Runshan and Stalla-Bourdillon, Sophie and Yang, Mu and Schiavo, Valeria and Sassone, Vladimiro, Bridging Policy, Regulation, and Practice? A Techno-Legal Analysis of Three Types of Data in the GDPR (September 1, 2017). In: van Brakel, R.L.R., Gutwirth, S., De Hert P. (eds.) Data Protection and Privacy: The Age of Intelligent Machines., Hart Publishing, 2017. https://ssrn.com/abstract=3034261.

Koops, B.-J. (2014). The trouble with European data protection law. International Data Privacy Law, 2014, vol. 4, no. 4, pp. 250-261. https://doi.org/10.1093/idpl/ipu023.

Wallace, S.E. (2016). What Does Anonymization Mean? DataSHIELD and the Need for Consensus on Anonymization Terminology. Biopreservation and biobanking, vol.14, no.3, pp. 224-230. https://doi.org/10.1089/bio.2015.0119




DOI: http://dx.doi.org/10.12955/cbup.v6.1294

Refbacks

  • There are currently no refbacks.


Print ISSN 1805-997X, Online ISSN 1805-9961

(c) 2018 CBU Research Institute s.r.o.

For more information on the conference visit cbuic.cz