The GDPR Compliance and Access Control Systems: Challenges and Research Opportunities

Abstract

The General Data Protection Regulation (GDPR) is changing how Personal Data should be processed. Using Access Control Systems (ACSs) and their specific policies as practical means for assuring a by-design lawfully compliance with the privacy-preserving rules and provision is currently an increasingly researched topic. As a result, this newly born research field raises several research questions and paves the way for different solutions. This position paper would like to provide an overview of research challenges and questions concerning activities for analyzing, designing, implementing, and testing Access Control mechanisms (systems and policies) to guarantee compliance with the GDPR. Some possible answers to the open issues and future research directions and topics are also provided.