Data Cart: A Privacy Pattern for Personal Data Management in Organizations
- The European General Data Protection Regulation requires the implementation of Technical and Organizational Measures (TOMs) to reduce the risk of illegitimate processing of personal data. For these measures to be effective, they must be applied correctly by employees who process personal data under the authority of their organization. However, even data processing employees often have limited knowledge of data protection policies and regulations, which increases the likelihood of misconduct and privacy breaches. To lower the likelihood of unintentional privacy breaches, TOMs must be developed with employees’ needs, capabilities, and usability requirements in mind. To reduce implementation costs and help organizations and IT engineers with the implementation, privacy patterns have proven to be effective for this purpose. In this chapter, we introduce the privacy pattern Data Cart, which specifically helps to develop TOMs for data processing employees. Based on a user-centered design approach with employees from two public organizations in Germany, we present a concept that illustrates how Privacy by Design can be effectively implemented. Organizations, IT engineers, and researchers will gain insight on how to improve the usability of privacy-compliant tools for managing personal data.
Document Type: | Part of a Book |
---|---|
Language: | English |
Author: | Jan Tolsdorf, Luigi Lo Iacono |
Parent Title (English): | Gerber, Stöver et al. (Eds.): Human Factors in Privacy Research |
Number of pages: | 26 |
First Page: | 353 |
Last Page: | 378 |
ISBN: | 978-3-031-28642-1 |
URN: | urn:nbn:de:hbz:1044-opus-82545 |
DOI: | https://doi.org/10.1007/978-3-031-28643-8_18 |
Publisher: | Springer |
Place of publication: | Cham |
Publishing Institution: | Hochschule Bonn-Rhein-Sieg |
Date of first publication: | 2023/03/10 |
Copyright: | © 2023 The Author(s). This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License. |
Funding: | This research was supported by the German Federal Ministry of Education and Research (BMBF) under the contract numbers 16KIS0899 and 16KIS1508. |
Note: | This chapter is derived in part from an article published in Behaviour & Technology 2022 ⒸTaylor & Francis, available online: https://www.tandfonline.com/10.1080/0144929X.2022.2069596. |
Keyword: | GDPR; Privacy patterns; User-Centered Design |
Departments, institutes and facilities: | Fachbereich Informatik |
Institut für Cyber Security & Privacy (ICSP) | |
Projects: | TrUSD - Verbundprojekt: Transparente und selbstbestimmte Ausgestaltung der Datennutzung im Unternehmen, Teilvorhaben: Konzeptionierung, Implementierung und Evaluation von Privacy Dashboards im Arbeitnehmerdatenschutz (DE/BMBF/16KIS0899) |
KMU-innovativ - KMUi-Verbundprojekt: Adaptive Datenschutz-Cockpits in digitalen Ökosystemen - Daccord -; Teilvorhaben: Evaluierte Werkzeuge zur effektiven, effizienten und zufriedenstellenden Ausübung der Datenschutzrechte ... (DE/BMBF/16KIS1508) | |
Dewey Decimal Classification (DDC): | 0 Informatik, Informationswissenschaft, allgemeine Werke / 00 Informatik, Wissen, Systeme / 005 Computerprogrammierung, Programme, Daten |
Entry in this database: | 2024/04/10 |
Licence (German): | Creative Commons - CC BY - Namensnennung 4.0 International |