Designing Data Protection for GDPR Compliance into IoT Healthcare Systems

In this paper, we investigate the implications of the General Data Privacy Regulation (GDPR) on the design of an IoT healthcare system. On 25th May 2018, the GDPR has become mandatory within the European Union and hence also for all suppliers of IT products. Infringements on the regulation are now fined with penalties of up 20 Million EUR or 4\% of the annual turnover of a company whichever is higher. This is a clear motivation for system designers to guarantee compliance to the GDPR. We propose a data labeling model to support access control for privacy-critical patient data together with the Fusion/UML process to design GDPR compliant system. We illustrate this design process on the case study of IoT based monitoring of Alzheimer's patients that we work on in the CHIST-ERA project SUCCESS.

• Publication year

  2019

• Venue

  arXiv.org

• Publication date

  2019-01-08

• Fields of study

  Medicine, Computer Science, Engineering

• Identifiers
  arXiv 1901.02426
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• Highly secure and efficient architectural model for iot based health care systems

  2017cited by this paper
• Modeling and Verification of Insider Threats Using Logical Analysis

  2017cited by this paper
• The EU General Data Protection Regulation (GDPR)

  2017cited by this paper
• A Fog Based Middleware for Automated Compliance With OECD Privacy Principles in Internet of Healthcare Things

  2016cited by this paper
• Internet of Things: Remote Patient Monitoring Using Web Services and Cloud Computing

  2014cited by this paper
• Translating Fusion/UML to Object-Z

  2003influential reference
• Encoding Object-Z in Isabelle/HOL

  2002cited by this paper
• Formal Object Oriented Specification Using Object-Z

  2000cited by this paper
• The Object-Z Specification Language

  1999cited by this paper
• Complete, safe information flow with decentralized labels

  1998cited by this paper

• Security Challenges in IoT-enabled Green Mobility Systems

  2025cites this paper
• Multi-Sensor Wearable-Based Sleep Stage Classification Using Federated Learning for Enhanced Privacy

  2025cites this paper
• Towards a GDPR-compliant cloud architecture with data privacy controlled through sticky policies

  2024cites this paper
• An improved cloud-based business process compliance management system using a user-centered approach

  2024cites this paper
• Abordagem IoT DB-Audit: uma contribuição a adequação do middleware EXEHDA à Lei Geral de Proteção de Dados

  2024cites this paper
• NL2GDPR: Automatically Develop GDPR Compliant Android Application Features from Natural Language

  2022cites this paper
• Context-Rich Privacy Leakage Analysis Through Inferring Apps in Smart Home IoT

  2020cites this paper
• A Method for Managing GDPR Compliance in Business Processes

  2020cites this paper
• Advanced Information Systems Engineering: CAiSE Forum 2020, Grenoble, France, June 8–12, 2020, Proceedings

  2020cites this paper
• Towards evaluating GDPR compliance in IoT applications

  2020cites this paper
• A Practical Approach to Stakeholder-driven Determination of Security Requirements based on the GDPR and Common Criteria

  2020cites this paper
• Secure Internet of Things (IoT)-Based Smart-World Critical Infrastructures: Survey, Case Study and Research Opportunities

  2019cites this paper