The General Data Protection Regulation (GDPR) has introduced several so-called Data Subject Rights (Chapter 3 of the GDPR). These rights grant the citizens several competencies to exert control over their personal data stored and processed by organizations. The interfaces and processes for Data Subject Rights by organizations are often incomplete and confusing. Therefore, there is a need for standardized interfaces for Data Subject Rights.
The goal of this master's thesis is the design, implementation, and evaluation of an interface for one or more Data Subject Rights.
Exemplary tasks include:
- Analysis of requirements for Data Subject Rights
- Analysis of the current state of the art in Norwegian and European organizations
- Design of a universal process for the execution of Data Subject Rights
- Design of an interface for the process
- Proof of concept implementation for the interface
- Evaluation of the solution, e.g. with a test run based on a sample data set