Abstract
Europe's General Data Protection Regulation (GDPR) has a fearsome reputation as “the law that can fine you €20 million.” But behind that scary slogan lies a text that can be a very helpful guide to designing data processing systems. This paper explores that side of the GDPR: how understanding it can produce more effective - and more trustworthy - systems. Three popular myths often take designers down the wrong track: that GDPR is about stopping processing, is about users, and is about consent. Instead we consider, from a design perspective, the GDPR's source material, its Principles, and its Lawful Bases for processing. Three examples - from the field of education, but widely applicable - show how “thinking with GDPR” has improved both the effectiveness and safety of large-scale data processing systems.
Cite
Cormack, A. (2021). Thinking with GDPR: A guide to better system design. Information Services and Use, 41(1–2), 61–69. https://doi.org/10.3233/ISU-210107