
Table 2 Summary of the findings

From: Exploring the General Data Protection Regulation (GDPR) compliance in cloud services: insights from Swedish public organizations on privacy compliance

Columns: LINDDUN threat category (Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, content Unawareness, policy and consent Non-compliance); privacy issues found; solutions proposed. Each row below gives the category, then the privacy issues, then the solutions.

Linkability

Privacy issues: The risk that cloud service providers misuse or share information is a concern, and trust in cloud service providers is limited. Privacy issues related to Linkability can violate all of the GDPR principles.

Solutions: Contractual agreements with cloud service providers, and the use of EU-based cloud service providers, are needed to ensure GDPR compliance.

Identifiability

Privacy issues: Information can become sensitive over time, especially when large volumes of data are stored with a third party, because individuals can then be identified from it. A contributing factor is the lack of awareness among employees. Privacy issues related to Identifiability can potentially violate all of the GDPR principles.

Solutions: To keep personal information from being identified, GDPR measures such as anonymization or pseudonymization need to be implemented (note that pseudonymized data remains personal data under the GDPR and still needs protection, whereas properly anonymized data falls outside its scope). At the same time, control over the cloud service provider and employee awareness must be strengthened.

Non-repudiation

Privacy issues: Surveillance laws in the US raise concerns about unauthorized access and the potential loss of digital sovereignty. Privacy issues related to Non-repudiation can violate several GDPR principles, including integrity and confidentiality, accountability, and accuracy.

Solutions: To avoid surveillance, strong encryption is necessary if data are to be stored in the US, with the encryption keys kept under the organization's own control rather than the provider's. Digital sovereignty within Sweden must be upheld; collaboration on, and development of, secure cloud solutions in Sweden are important for ensuring GDPR compliance.

Detectability

Privacy issues: Public cloud service providers have analyzed and exploited personal data without users' knowledge. Privacy issues related to Detectability can potentially violate all of the GDPR principles.

Solutions: To mitigate the risk of sensitive information being detected, measures such as due diligence and close monitoring of the cloud service providers' activities need to be implemented to ensure GDPR compliance.

Disclosure of information

Privacy issues: The exposure of personal information to unauthorized individuals, surveillance laws in the US, and the lack of resources in public organizations are all concerns. Privacy issues related to Disclosure of information can affect all of the GDPR principles.

Solutions: Safeguarding information is crucial for ensuring confidentiality. Secure infrastructure needs to be developed in Sweden or Europe to strengthen data protection. Contractual agreements can also be used to limit supplier access and further enhance security. In addition, an information classification process helps categorize data appropriately and thereby protect it.

Content unawareness

Privacy issues: The lack of awareness among users and organizations about how to handle information is a significant concern. The vast amounts of information provided by users add to the complexity of data management, and misunderstandings about the distinction between IS and IT compound the challenge. Privacy issues related to Content unawareness can lead to violations of GDPR principles, since they may result in mishandling of, and unauthorized access to, sensitive data.

Solutions: To ensure GDPR compliance, organizations need to establish routines and policies for information security awareness, and users must be educated about their behavior when sharing or managing personal information. Promoting a culture of data protection and privacy consciousness strengthens the overall security posture and helps meet the requirements of the GDPR.

Policy and non-compliance

Privacy issues: The legal uncertainty surrounding transfers of data outside the EU, and the risk of misinterpreting the Schrems II ruling, are major concerns for organizations. Privacy issues related to Policy and non-compliance can significantly affect the GDPR principles of lawfulness, transparency, and accountability.

Solutions: Recommendations and guidelines should be provided to avoid legal uncertainty, and a new privacy agreement between the EU and the US is needed to ensure GDPR compliance.