Design for Addressing Data Privacy Issues in Legacy Enterprise Application Integration

Meddeoda Gedara, Kavindra Kulathilake

January 2019

Electronic message transfer is the key element in enterprise application integration (EAI) and the privacy of data transferred must be protected by the systems involved in the message transfer from origin to the destination. The recent data privacy regulation such as GDPR (General Data Protection Regulation) has enforced the organizations to ensure the privacy of the personal data handled with obligations to provide visibility and control over to the data owner. Privacy concerns with relevant to sensitive data embedded and transferred through business-to-business (B2B) middleware platforms in enterprise architecture are mostly at risk with the legacy nature of the products and the complexity of system integrations. This poses a great threat and challenge to organizations processing sensitive data over the interconnected systems in complying with regulatory requirements.  This research proposes a solution design to address the data privacy issues related to personal data handled in an enterprise application integration framework. Where electronic messages used to transfer personally identifiable information (PII). The proposal consisting of a design called “Safety Locker” to issue unique tokens related to encrypted PII elements stored in a persistence data storage based on Apache Ignite. While adding REST API interfaces to access the application functionality such as tokenization, de-tokenization, token management and accessing audit logs. The safety locker can run as a standalone application allowing clients to access its functionality remotely utilizing hypertext transfer protocol (HTTP). The design allows the data controllers to ensure the privacy of PII by embedding tokens generated from the application within the electronic messages transferred through interconnected systems. The solution design is evaluated through a proof of concept implementation, which can be adapted, enhanced to apply in EAI implementations.

B2B

EDI

EDIFACT

GDPR

Enterprise Application Integration

Middleware Broker

Tokenization

Data Privacy

Annan elektroteknik och elektronik

Etická problematika postavení lidí trpících duševním onemocněním na trhu práce / The etical issue of the position of people suffering from mental disorder in the labor market

Cabishová, Kateřina

January 2021

Subject of Diploma thesis is a description of ethical problems and complication of social mechanism related to employing people who suffer from mental illnesses. There are factors which influences opportunities for success, like concealed or unspecified information about diagnosis. It is happening based on experience with labeling and stigmatization. Thesis reflects sick person's dilemmas and social roles and proposes a solutions in the light of ethic. The goal will be to create a design of code of ethics which can be helping people with experience with mental disorders enter to labour market. Keywords ethical problem, dilemma, mental illness, stigmatization, virtue, code of ethics

Analýza zpracování osobních údajů podle Nařízení GDPR / Personal Data Processing Analysis under the GDPR Regulation

Slámová, Gabriela

January 2018

This diploma thesis deals with the proposal of a personal data protection system according to the General Data Protection Regulation in the organization Dentalife s.r.o.. The proposal was implemented on the basis of an analysis of the current situation which revealed serious shortcomings in line with the General Data Protection Regulation. Based on the identified deficiencies, a recommendation has been drawn up which, in the event of its subsequent implementation, will put the current situation into line with this Regulation. The theme of the diploma thesis was selected primarily because of its up-to-date and missing materials that would describe and explain the individual steps of the whole process of analysis and implementation.

Personuppgifter i EU:s dataskyddsrätt : En rättslig analys av personuppgiftsrekvisitet i EU:s dataskyddsförordning / Personal Data in EU Data Protection Law : A legal analysis of the meaning of personal data in the European General Data Protection Regulation

Granskog, David

January 2021

No description available.

Dataskyddsförordning

DFS

GDPR

DPD

personuppgifter

identifierad identifierbar fysisk person

dataskydd

data

upplysning

Nowak

Breyer

definitionen av personuppgifter

varje upplysning

Law (excluding Law and Society)

Dohled a ochrana osobních údajů / Surveillance and Personal Data Protection

Kohoutová, Jana

January 2017

This diploma thesis deals with the surveillance and private data protection. The first part brings into the focus the theoretical definition of surveillance and the areas in which it is applied. Important role in this thesis has also it's historical development. For example there will be introduced the historical resolution according to David Lyon to premodern, modern and postmodern surveillance, Michel Foucault's view on the surveillance of the state over it's citizens or society of control of Gilles Deleuze. The second part of this thesis will move to concepts as personal data and their protection. I will define what privacy and personal data means and what is it's value to each of us. This thesis will continue with current legal aspects not only in the Czech Republic but within whole European union. As the next important topic will follow the new regulation of European Union dealing with personal data, so called GDPR that comes into the force next year and it's possible benefits for contemporary situation. The result of this thesis is to provide the insight into the development of surveillance in the society and define it in the areas where it is implied but primarily find out to what extent is this surveillance entitled and where it's limits are. Another aim of this thesis is also to asses the...

Porovnání úpravy ochrany osobních údajů dle zákona č.101/2000 Sb. a GDPR / Comparison of the protection of personal data protection pursuant to Act No.101/2000 Coll. and GDPR

Jankrlová, Šárka

January 2019

Comparison of the protection of personal data protection pursuant to Act No. 101/2000 Coll. and GDPR Abstract The diploma thesis deals with two legal regulations that are connected in time. Both these legislation issue of personal data protection. The first piece of legislation is Act No. 101/2000 Coll., On the protection of personal data (hereinafter the Act), which was the implementation of Directive 95/46 / EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals personal data and the free movement of such data. The second piece of legislation discussed is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC ). The thesis is divided into thirteen chapters. First, it contains a brief historical development of the area of personal data protection worldwide and in the Czech Republic. In chapters 2 - 12, it gradually describes the institutes regulated by the law and the same intitutes regulated by the general regulation and compares in what the current legislation differs from the old regulation, or in what it remains the same. It also analyzes whether the specific changes...

Digital distansundervisning och GDPR : Särskilt om Zoom vid Sveriges universitet och högskolor efter Schrems II-målet / Distance learning and GDPR : Especially about Zoom at Swedish universities after the Shrems II case

Andersson Rosengren, Pontus

January 2021

The ongoing Covid-19 pandemic has led to society being forced to switch to a digital presence, where physical meetings have been replaced by digital ones. For universities, this has meant that teaching and examinations have taken place through a special installation of the video conferencing service Zoom. Zoom is offered in a so-called on-premises installation which largely runs on private servers or instance, in Denmark. NORDUnet and Sunet are the providers of the special installation which has been given the “Sunet E-meeting”. For the service to work, personal data is processed. This data includes names and e-mail addresses, but also meeting data, gathered by the camera and audio feed, and IP-addresses. All personal data should be processed on the private instance according to the service description. To connect to the service, various options are provided, including installing a client provided by Zoom on a computer or smartphone. Another way to connect that does not require any installation is through a web client, also provided by Zoom.  One of Sweden’s universities recently discovered that a student who joined the meeting via the web client was connected to a public Zoom data center in the United States. Through network analyzes and the study below, it turns out that the web client is a form of exception in the service where traffic does not go directly to the private cloud. Instead, the traffic goes via Zoom's public cloud where traffic is at risk of going to various data centers both outside and within the European Union. This study of the service is based on the data protection legislation. Questions concerning the division of roles and responsibilities between the data controller and the processor, security concerns, the use personal data, processing, and third-country transfers has been done.  Following the Schrems II judgment, where the European Court of Justice ruled that the United States does not have an adequate level of protection regarding the protection of individuals' personal data, the possibilities of transferring personal data to the country were limited. Determining whether the usage of the cloud service means that personal data is transferred to the United States or not is therefore of great importance. This study concludes that a third country transfer has occurred at least once, which is not compatible within the data protection regulation. The study also shows the importance of knowledge of the service being used both by the controller and processor to ensure correct processing of the data.

Zoom

Videokonferens

GDPR

IT-säkerhet

tredje land

tredjelandsöverföring

Schrems II

personuppgiftsbehandling

personlig integritet.

Law (excluding Law and Society)

Opportunities and challenges with the GDPR implementation : A study of how the GDPR has affected business processes in Sweden

Al Abassi, Baraa, Aladellie, Sara

January 2020

The General Data Protection Regulation is a relatively new law that is applied to all companies within the member states of the European Union. The law is established to protect individual’s personal rights and privacy from being misused. The purpose of this qualitative study is to investigate how businesses based in Sweden have complied with their internal and external processes in alignment with the GDPR. The gap that was found was that limited research has been made regarding how businesses have complied in alignment with the law after the implementation. To investigate this problem area, semi-instructed interviews were conducted with five large companies in Sweden. The results that were found was that the General Data Protection Regulation has contributed to different challenges for businesses as well as opportunities. Nevertheless, a major finding from the empirical presentation together with previous research was that the businesses need to standardise their processes to align with the standards of the General Data Protection Regulation.

GDPR

General Data Protection Regulation

Personal Data

Data Privacy

Institutional theory

Information Systems, Social aspects

Politik och Personlig Integritet : En Diskursanalys av Debatten om GDPR i Sverige / Politics and Privacy : A Discourse Analysis of the GDPR Debate in Sweden

Eriksson, Malte

January 2022

The purpose of this study is to analyze the Swedish debate about integrity represented by the GDPR regulation. The study focuses on and compares the debate within the parliament and the debate within the media. Critical discourse analysis has been the method used to discover how the debate about GDPR in Sweden has developed and shaped. To interpret the result of the study the political science theories public choice and normative institutionalism have been used. The three most dominant discourses in the debate were the relationship between GDPR and Swedish law, how GDPR affects innovation and economic growth and also insight in how actors collect and handles personal data. It can also be concluded that the debate within the parliament is rather absent due to lack of disagreement. The debate that occurred within the media contains a higher level of conflict and appears to be more dynamic. Both theories used to interpret the result can be, to some extent, useful when trying to understand why the debate turned out the way it did. To gain more understanding about political conflicts concerning integrity within the information society more studies need to be accomplished.

GDPR

dataskydd

personlig integritet

diskursanalys

public choice

normativ institutionalism

Experience with users about the various GDPR provisions available through the services

Alid, Hani

January 2023

This thesis discusses the General Data Protection Regulation (GDPR) and its impact on individuals since the GDPR became effective in May 2018. The regulation has had significant implications for companies and organizations that handle user data as it provides fines if they are non-compliance. However, the GDPR was created to protect individuals' privacy and personal data in the European Union (EU), which has added many complexities to companies and individuals. This study aims to provide an experiment with individuals in Sweden to document their knowledge of the regulations and their ability to exercise the rights granted and to know their opinions through interviews with 19 samples of individuals. The research deals with the third chapter more than other chapters of the GDPR. The results revealed a lack of awareness among the participants, with only a small percentage having prior knowledge of the GDPR and lacking a clear understanding of the implications and practical implementation of these rights, despite the participants' enthusiasm when explaining the rights to them. Participants acknowledged the importance of their data and assessed the provisions of the GDPR. They emphasized rights such as access, rectification, and erasure as necessary to protect privacy. After obtaining nearly complete knowledge, the participants could exercise and find the GDPR rights entirely on Swedish sites, except those who were able to find the rights with only a little knowledge. The study highlights the need to enhance individuals' awareness of the GDPR and improve transparency and accessibility of privacy policies.

controllers

knowledge

privacy

awareness

privacy policies

user rights

Information Systems, Social aspects