Table 2 Requirements and performance areas of the General Data Protection Regulation.

From: Development of a Web GIS for small-scale detection and analysis of COVID-19 (SARS-CoV-2) cases based on volunteered geographic information for the city of Cologne, Germany, in July/August 2020

| Requirements according to GDPR | Performance areas |
| --- | --- |
| Transparency for affected parties (Sec. 5 Para. 1 lit. a GDPR) | Transparency |
| Earmarking (Sec. 5 Para. 1 lit. b GDPR) | Non-linking |
| Data minimization (Sec. 5 Para. 1 lit. c GDPR) | Data minimization |
| Correctness (Sec. 5 Para. 1 lit. d GDPR) | Integrity |
| Storage limit (Sec. 5 Para. 1 lit. e GDPR) | Data minimization |
| Integrity (Sec. 5 Para. 1 lit. f, Sec. 32 Para. 1 lit. b GDPR) | Integrity |
| Confidentiality (Sec. 5 Para. 1 lit. f, Sec. 28 Para. 3 lit. b GDPR) | Confidentiality |
| Accountability and verifiability (Sec. 5 Para. 2 GDPR) | Transparency |
| Identification and authentication (Sec. 12 Para. 6 GDPR) | Intervenability |
| Support in the exercise of data subject rights (Sec. 12 Para. 2 GDPR) | Intervenability |
| Possibility to correct data (Sec. 5 lit. d GDPR) | Intervenability |
| Data erasability (Sec. 17 Para. 1 GDPR) | Intervenability |
| Restrictability of the processing of data (Sec. 18 GDPR) | Intervenability |
| Data portability (Sec. 20 Para. 1 GDPR) | Intervenability |
| Possibility of intervention in processes of automated decisions (Sec. 22 Para. 3 GDPR) | Intervenability |
| Freedom from error and discrimination in the profiling (Sec. 22 Para. 3, 4 in conjunction with Recital 71) | Integrity |
| Privacy-friendly default settings (Sec. 25 Para. 2 GDPR) | Data minimization, intervenability |
| Availability (Sec. 32 Para. 1 lit. b GDPR) | Availability |
| Resilience (Sec. 32 Para. 1 lit. b GDPR) | Availability, integrity, confidentiality |
| Restorability (Sec. 32 Para. 1 lit. b, lit. c GDPR) | Availability |
| Evaluability (Sec. 32 Para. 1 lit. d GDPR) | All previously mentioned |
| Data breach remediation and mitigation (Sec. 33 Para. 3 lit. d, 34 Para. 2 GDPR) | Integrity, intervenability, confidentiality, availability |
| Adequate monitoring of processing (Sec. 32, 33, 34 GDPR) | Transparency, integrity |
| Consent management (Sec. 4 Nr. 11, Sec. 7 Para. 4 GDPR) | Transparency, intervenability |
| Implementation of regulatory orders (Sec. 58 Para. 2 lit. f and lit. j) | Intervenability |