Designing Data Protection for GDPR Compliance into IoT Healthcare Systems

01/08/2019
by Florian Kammüller, et al.

In this paper, we investigate the implications of the General Data Privacy Regulation (GDPR) on the design of an IoT healthcare system. On 25th May 2018, the GDPR became mandatory within the European Union and hence also for all suppliers of IT products. Infringements of the regulation are now fined with penalties of up to 20 million EUR or 4% of the annual turnover of a company, whichever is higher. This is a clear motivation for system designers to guarantee compliance with the GDPR. We propose a data labeling model to support access control for privacy-critical patient data, together with the Fusion/UML process, to design GDPR-compliant systems. We illustrate this design process on the case study of IoT-based monitoring of Alzheimer's patients that we work on in the CHIST-ERA project SUCCESS.
