
Architecture Principles for Data Privacy of Cloud-Based Medical-Device Services

May 2018 • Presentation
Andrzej Knafel (Roche Diagnostics International, Ltd.)

This talk describes architecture principles for meeting GDPR data privacy requirements well enough that a software product can operate in most global regions from a single implementation.

Publisher:

Software Engineering Institute


Abstract

The European Union's GDPR (General Data Protection Regulation) adds to the already varying data privacy laws and regulations of many countries and regions. This presentation describes architecture principles for meeting those data privacy requirements well enough that cloud-based medical-device products can operate in most global regions with a single implementation: region- or country-specific behavior is handled by regional deployment and configuration rather than by separate code bases. This keeps multiple cloud products aligned on one approach and saves development and operation costs.

The architecture aspects addressed include data classification, data residency, encryption, anonymization and pseudonymization, key management, user residency and user access control/identity management, consent management, audit trail, data breach detection and data loss prevention, storage redundancy and backup/restore, portability, and data-subject-related functionality (e.g., erasure of personal data).