Preprint Article Version 1 Preserved in Portico This version is not peer-reviewed

Compatibility of a Security Policy for a Cloud-based Healthcare System with the EU General Data Protection Regulation (GDPR)

Version 1 : Received: 27 October 2020 / Approved: 28 October 2020 / Online: 28 October 2020 (10:00:55 CET)

How to cite: Georgiou, D.; Lambrinoudakis, C. Compatibility of a Security Policy for a Cloud-based Healthcare System with the EU General Data Protection Regulation (GDPR). Preprints 2020, 2020100577 (doi: 10.20944/preprints202010.0577.v1).

Abstract

Cloud-based healthcare systems around the world currently face several challenges. The most important is ensuring security and privacy, that is, the confidentiality, integrity and availability of the data. Although the main provisions for data security and privacy were already present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and key challenges of the GDPR. We also show how the Cloud-based Security Policy methodology proposed in [1] could be modified to comply with the GDPR, and how Cloud environments can assist developers in building secure, GDPR-compliant Cloud-based health systems. The aim of the paper is, first, to help Cloud Providers understand the framework of the new General Data Protection Regulation and, second, to identify security measures and security policy rules for protecting sensitive data in a Cloud-based health system. This follows our risk-based Security Policy Methodology, which assesses the associated security risks and takes into account the different requirements of patients, hospitals, and various other professional and organizational actors.

Subject Areas

Cloud Computing; Health Systems; Security; Privacy; Data Protection; GDPR
