SE, Jan 8, 2019

Designing Data Protection for GDPR Compliance into IoT Healthcare Systems

arXiv:1901.02426v113 citations
Originality: Synthesis-oriented
AI Analysis

This work addresses data protection for designers of IoT healthcare systems who want to avoid heavy fines under the GDPR, but it is incremental because it builds on existing design processes.

The paper tackles the challenge of ensuring GDPR compliance in IoT healthcare systems by proposing a data labeling model and Fusion/UML process, illustrated through a case study on Alzheimer's patient monitoring.

In this paper, we investigate the implications of the General Data Privacy Regulation (GDPR) on the design of an IoT healthcare system. On 25th May 2018, the GDPR became mandatory within the European Union and hence also for all suppliers of IT products. Infringements of the regulation are now fined with penalties of up to 20 million EUR or 4% of the annual turnover of a company, whichever is higher. This is a clear motivation for system designers to guarantee compliance with the GDPR. We propose a data labeling model to support access control for privacy-critical patient data, together with the Fusion/UML process, to design GDPR-compliant systems. We illustrate this design process on the case study of IoT-based monitoring of Alzheimer's patients that we work on in the CHIST-ERA project SUCCESS.
