10 Sep 2019
Session Blockā€”Applications 10:00 - 10:20

The digital revolution has resulted in a lag between existing regulations and the current reality of increasingly interconnected systems, amazing processing power (and results thereof), and data proliferation. To this end, the General Data Protection Regulation (GDPR) comprises a milestone in data protection, creating an environment able to cope with the technological and business reality, and provide for the protection of privacy. However, organisations declare difficulties in GDPR provisions' implementation, despite the resources and money spent, whereas particular problems are faced as regards the new requirements GDPR introduces.

In light of these challenges, the H2020 BPR4GDPR project aims at bringing about a new GDPR compliance paradigm, by providing the tools and methodologies that will significantly facilitate the implementation of the appropriate technical and organisational measures, particularly by SMEs. Its goal is to provide a holistic framework able to support end-to-end GDPR-compliant intra- and inter-organisational ICT-enabled processes at various scales, while also being generic enough, fulfilling operational requirements covering diverse application domains. To this end, solutions proposed by BPR4GDPR cover the full process lifecycle addressing major challenges and priorities posed by the Regulation. The starting point is process models, either automatically discovered through organisation logs or manually specified, formally expressed by a Compliance Metamodel. Thereupon, a highly expressive policy framework guides the automatic verification of these models regarding GDPR requirements, and their subsequent transformation, so that they are rendered inherently privacy-aware before being deployed for execution.

The consistent execution of compliant processes is ensured by a comprehensive Compliance Toolkit, able to support all diverging requirements arising from the GDPR, so that even organisations with currently no such infrastructure in place can readily have such mechanisms. For the ex post analysis of processes, process mining is extensively used, in order to ensure that specified policies are indeed enforced. Finally, deployed on the Cloud, BPR4GDPR provides for Compliance-as-a-Service (CaaS).Ā 

ICT abovo Information & Communication Technologies PC
Electrical & Computer Engineer, Dr.-Ing.


Discussion not started yet.