Abstract:
In the era of data-driven opportunities, many businesses overlook the data-privacy challenge, which puts their customers’ data at risk. To empower individuals (data subjects) to control their data, the General Data Protection Regulation (GDPR) requires businesses or organizations (data controllers) to protect individuals’ data (personal data) under data protection law. Nevertheless, many businesses still struggle to enhance and develop their software systems to comply with the GDPR because it is difficult to interpret and apply to software development practices. Moreover, the processing of personal data begins when the data subject provides explicit consent to the data controller, which makes consent management (CM) essential to the personal data lifecycle. This thesis aims to fill this gap by proposing formal models and translating them into class diagrams for consent management in centralized systems and data sharing in distributed systems, as guidelines for software engineers. In addition, the proposed models have been verified, and their behavior described, using the Event-B method.