Abstract

The European Union General Data Protection Regulation (GDPR) governs personal data processing, aiming to ensure privacy in all systems handling such data. All systems that process personal data, including software systems are legally obliged to comply to all articles of the GDPR applicable to them. In this paper, the case study of an e-Learning software platform, namely the INFORM platform and its compliance to relevant articles of the GDPR is presented. The e-Learning platform was developed with the objective to host the educational material developed under the JUSTICE EU-funded project INFORM, targeting judiciary, court staff and legal practitioners, in order to provide free and open distance access to the content. In particular, the paper demonstrates the compliance of the platform with the articles and principles of: Data Minimisation, Lawfulness of Processing, Right to Erasure, Right of Access, Right to Data Portability, Right to Rectification and Security of Processing. By applying these articles, conformance to the provision for Data Protection by design is also achieved; the platform's software development process integrates the articles of the GDPR early in the development steps, from the specification and design phases. We show how the design process progressed and demonstrate the corresponding functionality within the e-Learning platform. The paper extracts a list of lessons learned and conclusions on software GDPR compliance.