
GDPR Anti-Patterns: How Design and Operation of Modern Cloud-scale Systems Conflict with GDPR

by Supreeth Shastri, et al.

In recent years, our society has been plagued by unprecedented levels of privacy and security breaches. To rein in this trend, the European Union, in 2018, introduced comprehensive legislation called the General Data Protection Regulation (GDPR). In this article, we review GDPR from a systems perspective and identify how the design and operation of modern cloud-scale systems conflict with this regulation. We illustrate these conflicts via six GDPR anti-patterns: storing data without a clear timeline for deletion; reusing data indiscriminately; creating walled gardens and black markets; risk-agnostic data processing; hiding data breaches; and making unexplainable decisions. Our findings reveal a deep-rooted tussle between GDPR requirements and how cloud-scale systems that process personal data have evolved in the modern era. While it is imperative to avoid these anti-patterns, we believe that achieving compliance requires comprehensive, ground-up solutions; anything short would amount to fixing a leaky faucet in a sinking ship.

