{"id":"https://openalex.org/W4376626861","doi":"https://doi.org/10.56553/popets-2023-0088","title":"Data Security on the Ground: Investigating Technical and Legal Requirements under the GDPR","display_name":"Data Security on the Ground: Investigating Technical and Legal Requirements under the GDPR","publication_year":2023,"publication_date":"2023-05-15","ids":{"openalex":"https://openalex.org/W4376626861","doi":"https://doi.org/10.56553/popets-2023-0088"},"language":"en","primary_location":{"id":"doi:10.56553/popets-2023-0088","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2023-0088","pdf_url":"https://petsymposium.org/popets/2023/popets-2023-0088.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://petsymposium.org/popets/2023/popets-2023-0088.pdf","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5091951895","display_name":"Tina Marjanov","orcid":null},"institutions":[{"id":"https://openalex.org/I241749","display_name":"University of Cambridge","ror":"https://ror.org/013meh722","country_code":"GB","type":"education","lineage":["https://openalex.org/I241749"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Tina Marjanov","raw_affiliation_strings":["University of Cambridge"],"affiliations":[{"raw_affiliation_string":"University of Cambridge","institution_ids":["https://openalex.org/I241749"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102316829","display_name":"Maria Konstantinou","orcid":null},"institutions":[{"id":"https://openalex.org/I17618308","display_name":"Freshfields Bruckhaus Deringer","ror":"https://ror.org/05e9zkt34","country_code":"GB","type":"other","lineage":["https://openalex.org/I17618308"]},{"id":"https://openalex.org/I865915315","display_name":"Vrije Universiteit Amsterdam","ror":"https://ror.org/008xxew50","country_code":"NL","type":"education","lineage":["https://openalex.org/I865915315"]}],"countries":["GB","NL"],"is_corresponding":false,"raw_author_name":"Maria Konstantinou","raw_affiliation_strings":["Vrije Universiteit Amsterdam and Freshfields Bruckhaus Deringer"],"affiliations":[{"raw_affiliation_string":"Vrije Universiteit Amsterdam and Freshfields Bruckhaus Deringer","institution_ids":["https://openalex.org/I17618308","https://openalex.org/I865915315"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5040669688","display_name":"Magdalena J\u00f3\u017awiak","orcid":null},"institutions":[{"id":"https://openalex.org/I193700539","display_name":"Tilburg University","ror":"https://ror.org/04b8v1s79","country_code":"NL","type":"education","lineage":["https://openalex.org/I193700539"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Magdalena J\u00f3\u017awiak","raw_affiliation_strings":["Tilburg University"],"affiliations":[{"raw_affiliation_string":"Tilburg University","institution_ids":["https://openalex.org/I193700539"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5037832533","display_name":"Dayana Spagnuelo","orcid":"https://orcid.org/0000-0001-6882-6480"},"institutions":[{"id":"https://openalex.org/I193700539","display_name":"Tilburg University","ror":"https://ror.org/04b8v1s79","country_code":"NL","type":"education","lineage":["https://openalex.org/I193700539"]},{"id":"https://openalex.org/I241749","display_name":"University of Cambridge","ror":"https://ror.org/013meh722","country_code":"GB","type":"education","lineage":["https://openalex.org/I241749"]},{"id":"https://openalex.org/I865915315","display_name":"Vrije Universiteit Amsterdam","ror":"https://ror.org/008xxew50","country_code":"NL","type":"education","lineage":["https://openalex.org/I865915315"]}],"countries":["GB","NL"],"is_corresponding":false,"raw_author_name":"Dayana Spagnuelo","raw_affiliation_strings":["TNO","Tilburg University Tilburg, Netherlands","Vrije Universiteit Amsterdam &","Freshfields Bruckhaus Deringer Frankfurt, Germany","University of Cambridge Cambridge, United Kingdom","Applied Cryptography and Quantum Algorithms, TNO The Hague, Netherlands"],"affiliations":[{"raw_affiliation_string":"TNO","institution_ids":[]},{"raw_affiliation_string":"Tilburg University Tilburg, Netherlands","institution_ids":["https://openalex.org/I193700539"]},{"raw_affiliation_string":"Vrije Universiteit Amsterdam &","institution_ids":["https://openalex.org/I865915315"]},{"raw_affiliation_string":"Freshfields Bruckhaus Deringer Frankfurt, Germany","institution_ids":[]},{"raw_affiliation_string":"University of Cambridge Cambridge, United Kingdom","institution_ids":["https://openalex.org/I241749"]},{"raw_affiliation_string":"Applied Cryptography and Quantum Algorithms, TNO The Hague, Netherlands","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5091951895"],"corresponding_institution_ids":["https://openalex.org/I241749"],"apc_list":null,"apc_paid":null,"fwci":4.6051,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":{"value":0.94450186,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":98},"biblio":{"volume":"2023","issue":"3","first_page":"405","last_page":"417"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.975600004196167,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13364","display_name":"Digitalization, Law, and Regulation","score":0.9722999930381775,"subfield":{"id":"https://openalex.org/subfields/3308","display_name":"Law"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/harm","display_name":"Harm","score":0.7884330749511719},{"id":"https://openalex.org/keywords/data-protection-act-1998","display_name":"Data Protection Act 1998","score":0.5273013114929199},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.5026853084564209},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.47198158502578735},{"id":"https://openalex.org/keywords/risk-analysis","display_name":"Risk analysis (engineering)","score":0.4675449728965759},{"id":"https://openalex.org/keywords/compliance","display_name":"Compliance (psychology)","score":0.4334528148174286},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.39936137199401855},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.3672614097595215},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.21534284949302673},{"id":"https://openalex.org/keywords/law","display_name":"Law","score":0.17382413148880005},{"id":"https://openalex.org/keywords/psychology","display_name":"Psychology","score":0.17086628079414368}],"concepts":[{"id":"https://openalex.org/C2777363581","wikidata":"https://www.wikidata.org/wiki/Q15098235","display_name":"Harm","level":2,"score":0.7884330749511719},{"id":"https://openalex.org/C69360830","wikidata":"https://www.wikidata.org/wiki/Q1172237","display_name":"Data Protection Act 1998","level":2,"score":0.5273013114929199},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.5026853084564209},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.47198158502578735},{"id":"https://openalex.org/C112930515","wikidata":"https://www.wikidata.org/wiki/Q4389547","display_name":"Risk analysis (engineering)","level":1,"score":0.4675449728965759},{"id":"https://openalex.org/C2781460075","wikidata":"https://www.wikidata.org/wiki/Q1399332","display_name":"Compliance (psychology)","level":2,"score":0.4334528148174286},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.39936137199401855},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.3672614097595215},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.21534284949302673},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.17382413148880005},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.17086628079414368},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.0},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.56553/popets-2023-0088","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2023-0088","pdf_url":"https://petsymposium.org/popets/2023/popets-2023-0088.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},{"id":"pmh:oai:oai-pmh.tno.nl:56654","is_oa":false,"landing_page_url":"https://resolver.tno.nl/uuid:d6da8645-1b0d-438e-ba41-66444224bbb7","pdf_url":null,"source":{"id":"https://openalex.org/S7407055233","display_name":"TNO Repository","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Proceedings on Privacy Enhancing Technologies, 3, pp. 405-417.","raw_type":"info:eu-repo/semantics/conferencePaper"}],"best_oa_location":{"id":"doi:10.56553/popets-2023-0088","is_oa":true,"landing_page_url":"https://doi.org/10.56553/popets-2023-0088","pdf_url":"https://petsymposium.org/popets/2023/popets-2023-0088.pdf","source":{"id":"https://openalex.org/S4210183172","display_name":"Proceedings on Privacy Enhancing Technologies","issn_l":"2299-0984","issn":["2299-0984"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320322","host_organization_name":"De Gruyter Open","host_organization_lineage":["https://openalex.org/P4310320322","https://openalex.org/P4310313990"],"host_organization_lineage_names":["De Gruyter Open","De Gruyter"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings on Privacy Enhancing Technologies","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320321014","display_name":"Vrije Universiteit Amsterdam","ror":"https://ror.org/008xxew50"}],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4376626861.pdf"},"referenced_works_count":22,"referenced_works":["https://openalex.org/W1974971448","https://openalex.org/W2868856692","https://openalex.org/W2883729192","https://openalex.org/W2893405045","https://openalex.org/W2896807440","https://openalex.org/W2911198076","https://openalex.org/W2961360674","https://openalex.org/W2970752633","https://openalex.org/W2980381981","https://openalex.org/W2982500526","https://openalex.org/W2990724439","https://openalex.org/W3008740022","https://openalex.org/W3012543016","https://openalex.org/W3025750846","https://openalex.org/W3104695953","https://openalex.org/W3118214075","https://openalex.org/W3129170862","https://openalex.org/W3189796540","https://openalex.org/W3198003258","https://openalex.org/W4206626278","https://openalex.org/W4243161795","https://openalex.org/W4289674249"],"related_works":["https://openalex.org/W2410395228","https://openalex.org/W3125941065","https://openalex.org/W2484615095","https://openalex.org/W4366371796","https://openalex.org/W3203175338","https://openalex.org/W2356901839","https://openalex.org/W4366371752","https://openalex.org/W1489027086","https://openalex.org/W4205440829","https://openalex.org/W2339265919"],"abstract_inverted_index":{"The":[0,116],"GDPR":[1],"has":[2],"been":[3],"in":[4,35],"force":[5],"since":[6],"2018,":[7],"but":[8,101,127],"there":[9],"is":[10],"still":[11,130],"uncertainty":[12],"about":[13],"how":[14],"to":[15,133,143,156,169],"comply":[16],"with":[17,83,164],"several":[18],"of":[19,56,71,75,81,91,95,114,158],"its":[20],"provisions,":[21],"including":[22],"Article":[23,57],"32":[24,58],"which":[25],"sets":[26],"forth":[27],"the":[28,41,44,49,92,144,150,159,165],"requirements":[29],"for":[30,54,102],"data":[31,99,124,145],"security.":[32],"While":[33],"scholars":[34],"this":[36],"field":[37],"have":[38],"previously":[39],"analysed":[40],"law":[42],"or":[43,111,140],"industry":[45,167],"standards,":[46],"we":[47],"use":[48],"fines":[50,128],"imposed":[51,131],"so":[52],"far":[53],"violation":[55],"as":[59],"our":[60,88],"primary":[61],"data.":[62],"We":[63,147],"annotate":[64],"and":[65,68,137,172],"analyse":[66],"technical":[67],"legal":[69],"aspects":[70],"a":[72,105,112],"representative":[73],"subset":[74],"cases.":[76],"Using":[77],"clustering,":[78],"four":[79,93],"groups":[80,94],"cases":[82,96,120,151],"distinct":[84],"characteristics":[85],"emerge":[86],"from":[87,98,149,162],"research.":[89],"Three":[90],"suffer":[97],"incidents,":[100],"different":[103,152],"reasons:":[104],"targeted":[106],"attack,":[107],"non-technical":[108],"human":[109],"mistakes,":[110],"combination":[113],"mistakes.":[115],"final":[117],"group":[118],"includes":[119],"where":[121],"no":[122],"actual":[123],"incident":[125],"happened,":[126],"were":[129],"due":[132],"insufficient":[134],"organisational":[135,170],"measures":[136,153,171],"high":[138],"risk":[139],"imminent":[141],"harm":[142],"subjects.":[146],"uncover":[148],"that":[154],"apply":[155],"each":[157],"groups,":[160],"ranging":[161],"compliance":[163],"highest":[166],"standards":[168],"enhanced":[173],"internal":[174],"privacy":[175],"awareness.":[176]},"counts_by_year":[{"year":2025,"cited_by_count":5},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}