Review History


All reviews of published articles are made public. This includes manuscript files, peer review comments, author rebuttals and revised materials. Note: This was optional for articles submitted before 13 February 2023.

Peer reviewers are encouraged (but not required) to provide their names to the authors when submitting their peer review. If they agree to provide their name, then their personal profile page will reflect a public acknowledgment that they performed a review (even if the article is rejected). If the article is accepted, then reviewers who provided their name will be associated with the article itself.

View examples of open peer review.

Summary

  • The initial submission of this article was received on August 9th, 2022 and was peer-reviewed by 3 reviewers and the Academic Editor.
  • The Academic Editor made their initial decision on September 29th, 2022.
  • The first revision was submitted on October 19th, 2022 and was reviewed by 1 reviewer and the Academic Editor.
  • A further revision was submitted on November 4th, 2022 and was reviewed by the Academic Editor.
  • The article was Accepted by the Academic Editor on November 4th, 2022.

Version 0.3 (accepted)

· Nov 4, 2022 · Academic Editor

Accept

I'm happy to accept the paper now without further revisions - Well Done.

[# PeerJ Staff Note - this decision was reviewed and approved by Sedat Akleylek, a PeerJ Section Editor covering this Section #]

Version 0.2

· Oct 27, 2022 · Academic Editor

Minor Revisions

Comments from the Academic Editor:

The paper still needs further improvements to increase the paper quality and so the following notes should addressed:

1. The authors should include a paper road map in Introduction Section.
2. They should look at the recent report from General Data Protection Regulation (GDPR) and cited in the paper.
3.The following research question:
How can SMEs check and improve their GDPR compliance when using cloud services?
Has two answers and so I suggest to divide this research question to questions.
If not, please clarify why.
4. I think Contribution Subsection can be rephrased to one or two paragraphs.
5. The authors should avoid the repeated paragraphs and statements mentioned in Abstract, Introduction and Related work Sections.
6. What are the main advantages of the proposed tool over other tools such as FACILITA 2.0, Facilita – Emprende and LogicGate? These should be mentioned clearly in the related work.
7. Is the methodology of the proposed tool a repeated cycle? I noticed the arrow at the bottom of the methodology figure towards from the end to step no 7. If not, the authors should clarify this methodology more.

Reviewer 1 ·

Basic reporting

The authors have satisfied all the comments of previous round successfully.

Experimental design

The authors have satisfied all the comments of previous round successfully.

Validity of the findings

None

Additional comments

The authors have satisfied all the comments of previous round successfully. I recommend accepting this paper.

Version 0.1 (original submission)

· Sep 29, 2022 · Academic Editor

Major Revisions

The paper needs further improvements. The authors should address the comments from the reviewers in the revised paper.

[# PeerJ Staff Note: Please ensure that all review comments are addressed in a rebuttal letter and any edits or clarifications mentioned in the letter are also inserted into the revised manuscript where appropriate. It is a common mistake to address reviewer questions in the rebuttal letter but not in the revised manuscript. If a reviewer raised a question then your readers will probably have the same question so you should ensure that the manuscript can stand alone without the rebuttal letter. Directions on how to prepare a rebuttal letter can be found at: https://peerj.com/benefits/academic-rebuttal-letters/ #]

Reviewer 1 ·

Basic reporting

Software Compliance with the law and regulations can be a difficult undertaking, especially for multinational software firms with a clientele from a variety of industry sectors and locations. First, even though it is on a very tiny scale, there might be a significant number of regulatory compliance requirements that must be taken into account. Given the tremendous breadth of federal regulation, it is not possible to list the complete extent of U.S. law dealing to data, privacy, and records. This paper introduces a tool called GDPRValidator that can help cloud service providers manage and store employee or customer data in the cloud while remaining GDPR compliant. This tool is intended for small and medium-sized businesses (SMEs) that have moved all or a portion of their services to the cloud in order to benefit from this technology and gain a competitive edge. The following comments are suggested for improvements of the content.

Experimental design

1- Abstract: The abstract is too general and need to specify the main results and findings of the proposed tool.

2- Motivation: What is the motivation of this work? Motivation behind using the tool, is not clear.

3- Language: The language usage throughout this paper need to be improved, the author should do some proofreading on it. Also, the format of the whole paper looks messy, the authors should put the format into a unified form. Give the article a mild language revision to get rid of few complex sentences that hinder readability, and eradicate typo errors.

4- Literature review: It is not enough discussed in this article, highly appreciate to reinforce this part. The related work could be extended and incorporates more comprehensive discussions on topics in the software compliance with different regulations. I suggest summarizing the related work in a form of table.

5- Difference: The difference of the proposed tool with existing tools (if any) is not properly addressed. These differences should be highlighted.

Validity of the findings

6- Theoretical analysis: What is the efficiency of the tool? Do the authors address this? any theoretical analysis or experimental analysis? is it real-time?

Additional comments

Software Compliance with the law and regulations can be a difficult undertaking, especially for multinational software firms with a clientele from a variety of industry sectors and locations. First, even though it is on a very tiny scale, there might be a significant number of regulatory compliance requirements that must be taken into account. Given the tremendous breadth of federal regulation, it is not possible to list the complete extent of U.S. law dealing to data, privacy, and records. This paper introduces a tool called GDPRValidator that can help cloud service providers manage and store employee or customer data in the cloud while remaining GDPR compliant. This tool is intended for small and medium-sized businesses (SMEs) that have moved all or a portion of their services to the cloud in order to benefit from this technology and gain a competitive edge. The following comments are suggested for improvements of the content.

1- Abstract: The abstract is too general and need to specify the main results and findings of the proposed tool.

2- Motivation: What is the motivation of this work? Motivation behind using the tool, is not clear.

3- Language: The language usage throughout this paper needs to be improved, the author should do some proofreading on it. Also, the format of the whole paper looks messy, the authors should put the format into a unified form. Give the article a mild language revision to get rid of few complex sentences that hinder readability and eradicate typo errors.

4- Literature review: It is not enough discussed in this article, highly appreciate to reinforce this part. The related work could be extended and incorporates more comprehensive discussions on topics in the software compliance with different regulations. I suggest summarizing the related work in a form of table.

5- Difference: The difference of the proposed tool with existing tools (if any) is not properly addressed. These differences should be highlighted.

• Theoretical analysis: What is the efficiency of the tool? Do the authors address this? any theoretical analysis or experimental analysis? is it real-time?

Reviewer 2 ·

Basic reporting

The paper is written in detailed manner. The authors have made a vast study in the subject area and the information is clear for readers to understand the need for the current research.

Experimental design

The fundamental aim of the validation is to study whether GDPRValidator is a feasible means of enabling
SMEs that use cloud services to assess GDPR compliance. The subsection 7.2 discussed results. The results seems to be fine.

Validity of the findings

The fundamental aim of the validation is to study whether GDPRValidator is a feasible means of enabling
SMEs that use cloud services to assess GDPR compliance. The subsection 7.2 discussed results. The results seems to be fine.

Additional comments

Overall the paper is fine to be accepted.

·

Basic reporting

The main contribution is the presentation of a tool to help SMEs understand and validate
their compliance with GDPR. The paper is written well and in a elaborated way. This puts forth that the authors have worked strongly in this area and this is reflected by the implementation details provided as a link for reference. Overall the work reported is fine.

Experimental design

The Implementation is done by considering the purpose of data access, consent to access, DPIA, or data management audits, taking into account general and cloud-related GDPR requirements.

The application reported at http://pluton.i3a.uclm.es:8080/companyDataForm2.html is fine and good. It reflects a quality contribution.

Validity of the findings

A tool is proposed to help non-legally trained SMEs in the process of guaranteeing the privacy of their customers’ data. To achieve privacy, GDPRValidator provides them with several documents. Furthermore, this tool is aimed at SMEs since their budget is usually insufficient to allow the hiring of legal experts.

Additional comments

The reported contribution GDPRValidator may be accepted.

All text and materials provided via this peer-review history page are made available under a Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.