DEFeND Architecture: a Privacy by Design Platform for GDPR Compliance

Luca Piras, Mohammad Al-Obeidallah, Andrea Praitano, Aggeliki Tsohou, Haris Mouratidis, Beatriz Gallego-Nicasio Crespo, Jean Baptiste Bernard, Marco Fiorani, Emmanouil Magkos, Andres Castillo Sanz, Michalis Pavlidis, Roberto D'Addario, Giuseppe Giovanni Zorzino

Research output: Contribution to conferencePaperResearchpeer-review

Abstract

The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changes
concerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.
Original languageEnglish
Publication statusAccepted/In press - 31 May 2019
Event16th International Conference on Trust, Privacy and Security in Digital Business - TrustBus 2019 - Linz, Austria
Duration: 26 Aug 201929 Aug 2019
http://www.dexa.org/trustbus2019

Conference

Conference16th International Conference on Trust, Privacy and Security in Digital Business - TrustBus 2019
Abbreviated titleTrustBus
CountryAustria
CityLinz
Period26/08/1929/08/19
Internet address

Fingerprint

Data privacy
Compliance
Industry
Data acquisition

Cite this

Piras, L., Al-Obeidallah, M., Praitano, A., Tsohou, A., Mouratidis, H., Gallego-Nicasio Crespo, B., ... Giovanni Zorzino, G. (Accepted/In press). DEFeND Architecture: a Privacy by Design Platform for GDPR Compliance. Paper presented at 16th International Conference on Trust, Privacy and Security in Digital Business - TrustBus 2019, Linz, Austria.
Piras, Luca ; Al-Obeidallah, Mohammad ; Praitano, Andrea ; Tsohou, Aggeliki ; Mouratidis, Haris ; Gallego-Nicasio Crespo, Beatriz ; Baptiste Bernard, Jean ; Fiorani, Marco ; Magkos, Emmanouil ; Castillo Sanz, Andres ; Pavlidis, Michalis ; D'Addario, Roberto ; Giovanni Zorzino, Giuseppe. / DEFeND Architecture : a Privacy by Design Platform for GDPR Compliance. Paper presented at 16th International Conference on Trust, Privacy and Security in Digital Business - TrustBus 2019, Linz, Austria.
@conference{9c499c1d44544e589a7ad3ef9c8b18fa,
title = "DEFeND Architecture: a Privacy by Design Platform for GDPR Compliance",
abstract = "The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changesconcerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.",
author = "Luca Piras and Mohammad Al-Obeidallah and Andrea Praitano and Aggeliki Tsohou and Haris Mouratidis and {Gallego-Nicasio Crespo}, Beatriz and {Baptiste Bernard}, Jean and Marco Fiorani and Emmanouil Magkos and {Castillo Sanz}, Andres and Michalis Pavlidis and Roberto D'Addario and {Giovanni Zorzino}, Giuseppe",
year = "2019",
month = "5",
day = "31",
language = "English",
note = "16th International Conference on Trust, Privacy and Security in Digital Business - TrustBus 2019, TrustBus ; Conference date: 26-08-2019 Through 29-08-2019",
url = "http://www.dexa.org/trustbus2019",

}

Piras, L, Al-Obeidallah, M, Praitano, A, Tsohou, A, Mouratidis, H, Gallego-Nicasio Crespo, B, Baptiste Bernard, J, Fiorani, M, Magkos, E, Castillo Sanz, A, Pavlidis, M, D'Addario, R & Giovanni Zorzino, G 2019, 'DEFeND Architecture: a Privacy by Design Platform for GDPR Compliance' Paper presented at 16th International Conference on Trust, Privacy and Security in Digital Business - TrustBus 2019, Linz, Austria, 26/08/19 - 29/08/19, .

DEFeND Architecture : a Privacy by Design Platform for GDPR Compliance. / Piras, Luca; Al-Obeidallah, Mohammad; Praitano, Andrea; Tsohou, Aggeliki; Mouratidis, Haris; Gallego-Nicasio Crespo, Beatriz; Baptiste Bernard, Jean; Fiorani, Marco; Magkos, Emmanouil; Castillo Sanz, Andres; Pavlidis, Michalis; D'Addario, Roberto; Giovanni Zorzino, Giuseppe.

2019. Paper presented at 16th International Conference on Trust, Privacy and Security in Digital Business - TrustBus 2019, Linz, Austria.

Research output: Contribution to conferencePaperResearchpeer-review

TY - CONF

T1 - DEFeND Architecture

T2 - a Privacy by Design Platform for GDPR Compliance

AU - Piras, Luca

AU - Al-Obeidallah, Mohammad

AU - Praitano, Andrea

AU - Tsohou, Aggeliki

AU - Mouratidis, Haris

AU - Gallego-Nicasio Crespo, Beatriz

AU - Baptiste Bernard, Jean

AU - Fiorani, Marco

AU - Magkos, Emmanouil

AU - Castillo Sanz, Andres

AU - Pavlidis, Michalis

AU - D'Addario, Roberto

AU - Giovanni Zorzino, Giuseppe

PY - 2019/5/31

Y1 - 2019/5/31

N2 - The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changesconcerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.

AB - The advent of the European General Data Protection Regulation (GDPR) imposes organizations to cope with radical changesconcerning user data protection paradigms. GDPR, by promoting a Privacy by Design approach, obliges organizations to drastically change their methods regarding user data acquisition, management, processing, as well as data breaches monitoring, notification and preparation of prevention plans. This enforces data subjects (e.g., citizens, customers) rights by enabling them to have more information regarding usage of their data, and to take decisions (e.g., revoking usage permissions). Moreover, organizations are required to trace precisely their activities on user data, enabling authorities to monitor and sanction more easily. Indeed, since GDPR has been introduced, authorities have heavily sanctioned companies found as not GDPR compliant. GDPR is difficult to apply also for its length, complexity, covering many aspects, and not providing details concerning technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance. From the industry and the literature, there are many tools and prototypes fulfilling specific/isolated GDPR aspects, however there is not a comprehensive platform able to support organizations in being compliant regarding all GDPR requirements. In this paper, we propose the design of an architecture for such a platform, able to reuse and integrate peculiarities of those heterogeneous tools, and to support organizations in achieving GDPR compliance. We describe the architecture, designed within the DEFeND EU project, and discuss challenges and preliminary benefits in applying it to the healthcare and energy domains.

M3 - Paper

ER -

Piras L, Al-Obeidallah M, Praitano A, Tsohou A, Mouratidis H, Gallego-Nicasio Crespo B et al. DEFeND Architecture: a Privacy by Design Platform for GDPR Compliance. 2019. Paper presented at 16th International Conference on Trust, Privacy and Security in Digital Business - TrustBus 2019, Linz, Austria.