Privacy and Data Protection Compliance for Applications
Authors
Hansen, Cherie Mai Caloyloy ; Amini, Zohra
Term
4th semester
Education
Publication year
2023
Submitted on
2023-06-01
Pages
75
Abstract
This master’s thesis investigates how software applications can achieve compliance with data protection laws by translating legal requirements into practical guidance for developers. We review the state of the art across key regulations—primarily the EU GDPR and Brazil’s LGPD—and relevant frameworks and standards (e.g., ISO/IEC 27001), and outline documentation practices such as Data Protection Impact Assessments (DPIA), Transfer Impact Assessments (TIA) and privacy notices. The research combines a literature-based mapping of requirements with empirical field observations, risk analysis, and a case study of Educado, a Denmark-built mobile education platform for Brazilian waste pickers. In the case study, we apply and document a DPIA, a TIA and a privacy notice to address cross-jurisdiction processing and data transfers. The thesis discusses the main challenges organizations face when building and operating applications under multiple legal regimes and offers recommendations, guidelines and best practices to support compliance. Detailed results are presented in the full case analysis and are not included in this excerpt.
This master's thesis investigates how software applications can achieve compliance with data protection legislation by translating legal requirements into practice-oriented guidelines for developers. We review the state of the art across central regulatory frameworks (primarily the EU's GDPR and Brazil's LGPD) as well as relevant frameworks and standards (e.g. ISO/IEC 27001), and describe documentation practices such as Data Protection Impact Assessments (DPIA), Transfer Impact Assessments (TIA) and privacy notices. Methodologically, we combine a literature-based mapping with empirical field observations, risk assessment and a case study of Educado, a Danish-developed mobile learning platform for Brazilian waste pickers. In the case, we apply and document a DPIA, a TIA and a privacy notice to address cross-border processing and data transfer. The thesis discusses the most significant challenges organizations encounter when applications must be built and operated under several legal regimes, and provides recommendations, guidelines and best practices to support compliance. Detailed results are presented in the full case analysis and are not included in this excerpt.
[This abstract has been generated with the help of AI directly from the project full text]
