Validation of GDPR Compliance in a Library Management System

A BISIS and TeMDA Case Study

DOI:

https://doi.org/10.5860/ital.v44i4.17407

Keywords:

GDPR, Library Management System, BISIS, TeMDA, Model-driven development, Automated GDPR validation

Abstract

This paper explores the challenges of achieving General Data Protection Regulation (GDPR) compliance in library management systems (LMSes) by integrating our TeMDA framework into BISIS, an LMS used in more than 60 libraries in Serbia. The case study was conducted in collaboration between the BISIS and TeMDA developers, all of whom are authors of this paper. We maintained and present a detailed development diary to provide insights for other developers seeking GDPR compliance in LMSes. The study offers a practical way for an LMS to achieve GDPR compliance with minimal effort. The description of the development process, accompanied by listings, tables, and diagrams, can help LMS developers decide whether the proposed approach is suitable for their systems. To the best of our knowledge, this paper presents the first detailed case study on integrating a GDPR compliance framework into an LMS.

Published

2025-12-15

How to Cite

Rajačić, T., Boberić-Krstićev, D., Tešendić, D., & Milosavljević, G. (2025). Validation of GDPR Compliance in a Library Management System: A BISIS and TeMDA Case Study. Information Technology and Libraries, 44(4). https://doi.org/10.5860/ital.v44i4.17407

Section

Articles