Privacy as a Service (PraaS): A Conceptual Model of GDPR to Construct Privacy Services

Abstract

The General Data Protection Regulation (GDPR) requires transparency about the use of personal data. However, what does the transparency mean for an individual? This transparency is an ability of an individual to uniformly fulfill actions stated in the GDPR from checking his/her data usage to erasing data. An individual assumes that these actions are supported by services. Such a uniform aspect “Privacy as a Service” is proposed in this paper. The contribution of this work is a conceptual model of the GDPR for designing privacy services. This model has been built by a content coding of key Articles from the GDPR, followed by incremental conceptual modelling and, finally, adopting the business-generic pattern of a contract. With executable protocol models of two privacy services identified from the GDPR we illustrate how to use our conceptual model. This work contributes to a uniform understanding of privacy by design as “Privacy as a Service”. We discuss the semantic and organizational value of the proposed model.