Bachelor’s Thesis Kick-Off: Empirical Task Analysis of Data Protection Management Michael Vilser 5.06.2019.


1 Bachelor’s Thesis Kick-Off: Empirical Task Analysis of Data Protection Management
Michael Vilser

2 Key Facts
Title: Empirical Task Analysis of Data Protection Management
Author: Michael Vilser
Advisor: Dipl. Math.oec. Dominik Huth
Supervisor: Prof. Dr. Florian Matthes
Start: June 15th, 2019
End: November 15th, 2019
© sebis

3 Outline
- Motivation
- Problem Statement
- Research Questions
- Approach
- Next Steps
Michael Vilser Bachelor’s Thesis Kickoff © sebis

4 Motivation
General Data Protection Regulation [1]:
- Appointment of a Data Protection Officer
- Transparent Processing
- Limitation of purpose
- Data subject rights
- Constant evaluation of GDPR compliance
- Maintaining a record of processing activities
- …
- …
On violation: Fine up to €20M or 4% of the worldwide annual revenue

5 Motivation
Enterprise Architecture Management (Enterprise Architect) and Data Protection Management (Data Protection Officer)
Shared Requirements [2]:
- Overview of the organization
- Understanding of processes, applications and dataflows
- A vocabulary and model for abstraction
- Method to obtain consistent and reproducible results

6 Problem Statement
Previous Research
Deductive approach based on [2][3]
- Design Science Research
- Content analysis of the GDPR
- EAM literature and models
Enterprise Architecture Models/Extensions for GDPR compliance
BUT
- Rather EAM centric
- Generalizability?
- Actual Use?

7 Research Questions
RQ1) What activities in Data Protection Management are necessary to achieve GDPR compliance?
RQ2) Which problems occur while performing these activities?
RQ3) How are DPOs collaborating with EAM at the moment and how helpful is it?

8 Approach – Desired outcome

| Activities (also rated in terms of complexity and time consumption) | Problems | Already supported by EAM? How helpful is it? | Should Data Protection Management get supported by EAM in the future? |
| --- | --- | --- | --- |
| Activity A (Time consumption, Complexity) | Problem 1, Problem 3 | No -> Reasons? | Yes/No |
| Activity B | Problem 2, Problem 4, Problem 5 | Yes – very helpful | Yes |
| Activity C | | Yes – not very helpful | |

9 Approach
Literature Research
- GDPR compliance using EAM [2][3]
- Tasks & Responsibilities of DPOs [4]
- Monetary value
Interviews with DPOs
- Enhance domain knowledge
- Verify survey
Survey preparation
- Question design
- Participant acquisition via Xing, LinkedIn, bvdnet.de, personal contacts
Survey execution
- Planned duration: 15 August to 30 September
Evaluation
- Statistics
- Recommendations

10 Approach – Activities derived from literature
- Inform about regulation within organization (e.g. introducing training programs for data controllers/processors)
- Verify new and existing data handling processes regarding regulation compliance (e.g. privacy by design and default, lawful basis of processing, data sharing)
- Create data protection impact assessment (DPIA)
- Cooperation with supervisory authority
- Create records of Processing Activities
- Dealing with Data Subjects (e.g. handle deletion/… requests, inform about data use (e.g. privacy policy) and breaches)
- Report to Management
David Koller Master's Thesis KickOff © sebis

11 Approach – Monetary value
Official penalty sum in € [5]: ~56M
Penalty sum I calculated in €: ~52M [6]

12 Next Steps - Timetable
Months: June, July, August, September, October, November
Phases: Literature Research, Interviews with CPOs, Survey preparation, Survey execution, Evaluation, Writing & Review
Milestones: Start 15 June, Kickoff, Submission 15 November

13 Michael Vilser 17132

14 References
[1] European Commission (2016), “Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC (general data protection regulation)”, Official Journal of the European Union, Vol. 59, pp
[2] Huth, Dominik: Using Enterprise Architecture Models for Creating the Record of Processing Activities (Art. 30 GDPR).
[3] Burmeister, Fabian; Drews, Paul; Schirmer, Ingrid (2019): A Privacy-driven Enterprise Architecture Meta-Model for Supporting Compliance with the General Data Protection Regulation. In: Proceedings of the 52nd Hawaii International Conference on System Sciences.
[4] Koç, Hasan; Eckert, Kai; Flaig, Daniel (2018): Datenschutzgrundverordnung (DSGVO): Bewältigung der Herausforderungen mit Unternehmensarchitekturmanagement (EAM). In HMD Praxis der Wirtschaftsinformatik 55 (5), pp. 942–963. DOI: /s
[5] European Data Protection Board (2019): First overview on the implementation of the GDPR and the roles and means of the national supervisory authorities. Available online at checked on 6/28/2019.

15 Backup
RACI Matrix

