Top

Published in:

2024 | OriginalPaper | Chapter

Developing with Compliance in Mind: Addressing Data Protection Law, Cybersecurity Regulation, and AI Regulation During Software Development

Authors : Bjørn Aslak Juliussen, Jon Petter Rui, Dag Johansen

Published in: Privacy and Identity Management. Sharing in a Digital World

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

The chapter delves into the intricate process of incorporating legal compliance into software development, particularly focusing on data protection laws, cybersecurity regulations, and AI regulations in the EU. It addresses the challenges of retrospectively fitting security and data protection constraints into existing systems and emphasizes the importance of early integration of compliance requirements. The text analyzes the overlapping scopes of the GDPR, NIS 2 Directive, and the proposed AIA, identifying potential conflicts and suggesting strategies for concurrent compliance. It also explores the different risk management approaches of these regulations and offers recommendations for software developers and analysts to navigate the complex landscape of EU regulations.

AI Generated

This summary of the content was generated with the help of AI.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter User Interaction Data in Apps: Comparing Policy Claims to Implementations

next chapter Digital Security Controversy Analysis: A Case Study of the Debate over GCHQ Exceptional Access Proposal

Chung, L., Nixon, B.A., Yu, E., Mylopoulos, J.: Non-Functional Requirements in Software Engineering. Springer, New York (2012). https://doi.org/10.1007/978-1-4615-5269-7CrossRef

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) [2016] OJ L 119/1

Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending regulation (EU) NO 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive) [2022] OJ L 333/80. See NIS 2 Article 41(1) for the date of entry into force of the directive

Proposal for a Regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain union legislative acts COM/2022/206 final. Recital 51

European Commission, Regulatory Framework Proposal on Artificial Intelligence. https://digital-strategy.ec.europa.eu/en/policies/regulatory-framework-ai. Accessed 22 Nov 2023

Nweke, L.O., Wolthusen, S.: Legal issues related to cyber threat information sharing among private entities for critical infrastructure protection. In: 2020 12th International Conference on Cyber Conflict (CyCon), vol. 1300. IEEE (2020). https://doi.org/10.23919/CyCon49761.2020.9131721

Borden, R., et al.: Threat information sharing under GDPR. https://www.americanbar.org/groups/science_technology/publications/scitech_lawyer/2019/spring/threat-information-sharing-under-gdpr/. Accessed 22 Nov 2023

Case C-154/21 Österreichische Post ECLI:EU:C:2023:3 (Grand Chamber)

Markopoulou, D., et al.: The new EU cybersecurity framework: the NIS Directive, ENISA’s role and the General Data Protection Regulation. Comput. Law Secur. Rev. 35(6), 105336 (2019). https://doi.org/10.1016/j.clsr.2019.06.007CrossRef

10.

Sarker, I.H., et al.: AI-driven cybersecurity: an overview, security intelligence modeling and research directions. SN Comput. Sci. 2, 173 (2021). https://doi.org/10.1007/s42979-021-00557-0CrossRef

11.

Horák, M., et al.: GDPR compliance in cybersecurity software: a case study of DPIA in information sharing platform. In: Proceedings of the 14th International Conference on Availability, Reliability and Security (2019). https://doi.org/10.1145/3339252.3340516

12.

Perera, H., et al.: Towards integrating human values into software: mapping principles and rights of GDPR to values. In: 2019 IEEE 27th International Requirements Engineering Conference (RE). IEEE (2019). https://doi.org/10.1109/RE.2019.00053

13.

Aberkane, A.-J., Poels, G., Broucke, S.V.: Exploring automated GDPR-compliance in requirements engineering: a systematic mapping study. IEEE Access 9, 66542–66559 (2021). https://doi.org/10.1109/ACCESS.2021.3076921CrossRef

14.

Conger, S., Landry, B.J.L.: The intersection of privacy and security (2009). All Sprouts Content. 243

15.

Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending regulation (EU) 2018/1724 (Data Governance Act) [2022] OJ L 152/1

16.

Regulation (EU) 2022/1925 of the European Parliament and of the Council of 14 September 2022 on contestable and fair markets in the digital sector and amending Directives (EU) 2019/1937 and (EU) 2020/1828 (Digital Markets Act) OJ L 265/1

17.

Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market for Digital Services and amending Directive 2000/31/EC (Digital Services Act) [2022] OJ L 277/1

18.

Datatilsynet, Vedtak om pålegg-PostNord AS, 20/02144-16. Information Commissioner’s Office (ICO), Security requirements. Danish Data Protection Authority, passende tekniske og organisatoriske foranstaltninger

19.

Commission Recommendation of 6 May 2003 concerning the definition of micro, small and medium-sized enterprises (2003/361/EC) [2003] OJ L 124/36

20.

Iskhakov, A.Y., Khazanova, Y.Y., Mamchenko, M.V., Meshcheryakov, R.V., Iskhakova, A.O., Khripunov, S.P.: Adaptive authentication system based on unsupervised learning for web-oriented platforms. In: Shakya, S., Papakostas, G., Kamel, K.A. (eds.) ICMCSI 2023. LNDECT, vol. 166, pp. 507–522. Springer, Singapore (2023). https://doi.org/10.1007/978-981-99-0835-6_36CrossRef

21.

Valkenburg, G.: Privacy versus security: problems and possibilities for the trade-off model. In: Gutwirth, S., Leenes, R., de Hert, P. (eds.) Reforming European Data Protection Law, vol. 20, pp. 253–269. Springer, Dordrecht (2015). https://doi.org/10.1007/978-94-017-9385-8_10CrossRef

22.

EFTA, Directive (EU) 2022/2555. https://www.efta.int/eea-lex/32022L2555. Accessed 22 Nov 2023

23.

ISO, ISO/IEC 27001 and related standards. https://www.iso.org/isoiec-27001-information-security.html. Accessed 22 Nov 2023

24.

van Dijk, N., Gellert, R., Rommetveit, K.: A risk to a right? Beyond data protection risk assessments. Comput. Law Secur. Rev. 32(2), 286–306 (2016). https://doi.org/10.1016/j.clsr.2015.12.017CrossRef

25.

European Council, Digital Single Market. https://www.consilium.europa.eu/en/policies/digital-single-market/. Accessed 24 Nov 2023

Title: Developing with Compliance in Mind: Addressing Data Protection Law, Cybersecurity Regulation, and AI Regulation During Software Development
Authors: Bjørn Aslak Juliussen
Jon Petter Rui
Dag Johansen
Publisher: Springer Nature Switzerland
Book: Privacy and Identity Management. Sharing in a Digital World
Print ISBN: 978-3-031-57977-6

Electronic ISBN: 978-3-031-57978-3

Copyright Year: 2024
DOI: https://doi.org/10.1007/978-3-031-57978-3_6

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"