Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent

written by
Tek Raj Chhetri, Anelia Kurteva, Rance J. Delong, Rainer Hilscher, Kai Korte, Anna Fensel
Abstract

The enforcement of the GDPR in May 2018 has led to a paradigm shift in data protection. Organizations face significant challenges, such as demonstrating compliance (or auditability) and automated compliance verification due to the complex and dynamic nature of consent, as well as the scale at which compliance verification must be performed. Furthermore, the GDPR’s promotion of data protection by design and industrial interoperability requirements has created new technical challenges, as they require significant changes in the design and implementation of systems that handle personal data. We present a scalable data protection by design tool for automated compliance verification and auditability based on informed consent that is modeled with a knowledge graph. Automated compliance verification is made possible by implementing a regulation-to-code process that translates GDPR regulations into well-defined technical and organizational measures and, ultimately, software code. We demonstrate the effectiveness of the tool in the insurance and smart cities domains. We highlight ways in which our tool can be adapted to other domains.

Organisational unit(s)
Institut für Rechtsinformatik (IRI)
External organisation(s)
Universität Innsbruck
The Open Group
Research Triangle Institute International
Wageningen University and Research
Type
Article
Journal
Sensors
Volume
22
ISSN
1424-8220
Publication date
03.04.2022
Publication status
Published
Peer-reviewed
Yes
ASJC Scopus subject areas
Analytical Chemistry, Information Systems, Atomic and Molecular Physics, and Optics, Biochemistry, Instrumentation, Electrical and Electronic Engineering
Sustainable Development Goals
SDG 11 – Sustainable Cities and Communities
Electronic version(s)
https://doi.org/10.3390/s22072763 (Access: Open)