The GDPR impacts the design of information systems which process personal data, because it makes mandatory the adoption of the privacy-by-design and privacy-by-default principles. This compliance must be verified throughout the design cycle, so that it must be considered as early as possible in the cycle, when alternatives are not yet detailed in the overall design and just general directions of the projects may be available. A comparison between alternatives should be performed, which can only have a qualitative nature, but which involves numerous factors, so a panel of experts is needed to obtain a reliable result. In this paper, we propose a analytic hierarchy process-based evaluation approach to examine privacy-related features of alternative information system architectures in the early phases of the design cycle.
A decision framework for early evaluation of privacy-by-design in information systems
Mastroianni M.;
2025-01-01
Abstract
The GDPR impacts the design of information systems which process personal data, because it makes mandatory the adoption of the privacy-by-design and privacy-by-default principles. This compliance must be verified throughout the design cycle, so that it must be considered as early as possible in the cycle, when alternatives are not yet detailed in the overall design and just general directions of the projects may be available. A comparison between alternatives should be performed, which can only have a qualitative nature, but which involves numerous factors, so a panel of experts is needed to obtain a reliable result. In this paper, we propose a analytic hierarchy process-based evaluation approach to examine privacy-related features of alternative information system architectures in the early phases of the design cycle.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
