GDPR: Securing Personal Data in Compliance with new EU-Regulations





Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering.

Jakobsson, Björn, Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering.

2017 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.

Abstract [en] : New privacy regulations bring new challenges to organizations that handle and process personal data regarding persons within the EU. These challenges come mainly in the form of policies and procedures, but they also bring some opportunities to solve problems with technology often used in other sectors. In this thesis, we look at the new General Data Protection Regulation (GDPR) in the EU, which comes into full effect in May of 2018. We analyze what some of the requirements of the regulation mean for the industry of processing personal data, and we look at the possible solution of using hardware security modules (HSMs) to reach compliance with the regulation. We also conduct an empirical study using the Delphi method to ask security professionals what they think are the most important aspects of securing personal data, and we put that data in relation to the identified compliance requirements of the GDPR to see what organizations should focus on in their quest for compliance with the new regulation. We found that a successful implementation of HSMs based on industry standards and best practices addresses four of the 35 identified GDPR compliance requirements, mainly the aspects concerning compliance with anonymization through encryption, and access control. We also deduced that the most important aspect of securing personal data, according to the experts of the Delphi study, is access control, followed by data inventory and classification.

Place, publisher, year, edition, pages: 2017. 67 p.

Keyword [en] : GDPR, General Data Protection Regulation, Data Protection, Personal Data, EU, European Union, Encryption, Key Management, Hardware Security Module, HSM, Delphi Study, Compliance

National Category : Computer and Information Science

Identifiers: URN: urn:nbn:se:ltu:diva-64342; OAI: oai:DiVA.org:ltu-64342; DiVA: diva2:1113478

External cooperation : Tieto AB

Subject / course: Student thesis, at least 30 credits

Educational program: Information Security, master's level (120 credits)

Supervisors : Päivärinta, Tero, Professor, Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering.

Examiners : Päivärinta, Tero, Professor, Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering.

Available from: 2017-06-22. Created: 2017-06-21. Last updated: 2017-06-22. Bibliographically approved.



Author: Bitar, Hadi

Source: http://ltu.diva-portal.org/


