Implementation of privacy by design model to an eHealth information system

Matjaž Drev; Dalibor Stanimirović; Boštjan Delak

doi:https://doi.org/10.36965/OJAKM.2022.10(1)77-87

Volume 10, 2022: Issue 1

PDF Download the article (Free)

Author(s):

Matjaž Drev , National Institute of Public Health, Slovenia

Dalibor Stanimirović , Faculty of Public Administration, University of Ljubljana, Slovenia

Boštjan Delak, Faculty of Information Studies, Slovenia

Abstract:

This paper reports ongoing research on the process and results of implementing a conceptual model of privacy by design. The model is based on building blocks derived from a comparative analysis of approaches to privacy by design by different authors. We then implemented the model to the data processing operations of Slovenia's central health information system (eHealth). The main goal of our research was to ensure personal data processing compliance with the General Data Protection Regulation (GDPR) and privacy by design criteria set by the model. Findings were used to answer the research questions: whether the proposed conceptual model is general enough to be used in most personal data processing operations, regardless of context; does the successful implementation of conceptual model requirements in personal data processing operations lead to compliance with the GDPR and with the additional requirements of privacy by design, and is the efficiency of complying with personal data processing higher when using the conceptual model compared to other approaches. Current results show that the model is robust enough to be used in a complex system of personal data processing. It also enables a relatively quick assessment of the gap between the actual and target situation, while suggesting which measures should be taken to comply. However, the model still must be tested in several organizations and other contexts of personal data processing, as only a comparative meta-analysis can provide reliable answers to the questions posed.

Keywords:

Privacy by design, conceptual model, personal data, information system, eHealth

DOI:

https://doi.org/10.36965/OJAKM.2022.10(1)77-87

Type:

Research paper

Journal:

The Online Journal of Applied Knowledge Management (OJAKM), ISSN: 2325-4688

Publisher:

International Institute for Applied Knowledge Management (IIAKM)

Received:

28 February 2022

Revised:

20 May 2022; 23 August 2022

Accepted:

6 September 2022

Accepting Editor:

Meir Russ

Pages:

77-87

OJAKM Menu

OJAKM Articles

OJAKM is Indexed in

Volume 10, 2022: Issue 1
		Download the article (Free)
Title:	Implementation of privacy by design model to an eHealth information system
Author(s):	Matjaž Drev , National Institute of Public Health, Slovenia Dalibor Stanimirović , Faculty of Public Administration, University of Ljubljana, Slovenia Boštjan Delak, Faculty of Information Studies, Slovenia
Abstract:	This paper reports ongoing research on the process and results of implementing a conceptual model of privacy by design. The model is based on building blocks derived from a comparative analysis of approaches to privacy by design by different authors. We then implemented the model to the data processing operations of Slovenia's central health information system (eHealth). The main goal of our research was to ensure personal data processing compliance with the General Data Protection Regulation (GDPR) and privacy by design criteria set by the model. Findings were used to answer the research questions: whether the proposed conceptual model is general enough to be used in most personal data processing operations, regardless of context; does the successful implementation of conceptual model requirements in personal data processing operations lead to compliance with the GDPR and with the additional requirements of privacy by design, and is the efficiency of complying with personal data processing higher when using the conceptual model compared to other approaches. Current results show that the model is robust enough to be used in a complex system of personal data processing. It also enables a relatively quick assessment of the gap between the actual and target situation, while suggesting which measures should be taken to comply. However, the model still must be tested in several organizations and other contexts of personal data processing, as only a comparative meta-analysis can provide reliable answers to the questions posed.
Keywords:	Privacy by design, conceptual model, personal data, information system, eHealth
DOI:	https://doi.org/10.36965/OJAKM.2022.10(1)77-87
Type:	Research paper
Journal:	The Online Journal of Applied Knowledge Management (OJAKM), ISSN: 2325-4688
Publisher:	International Institute for Applied Knowledge Management (IIAKM)
Received:	28 February 2022
Revised:	20 May 2022; 23 August 2022
Accepted:	6 September 2022
Accepting Editor:	Meir Russ
Pages:	77-87