Towards a lawful authorized access: A preliminary GDPR-based authorized access

The General Data Protection Regulation (GDPR)'s sixth principle, Integrity and Confidentiality, dictates that personal data must be protected from unauthorised or unlawful processing. To this aim, we propose a systematic approach for authoring access control policies that are by-design aligned with the provisions of the GDPR. We exemplify it by considering realistic use cases.