Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent

Tek Raj Chhetri; Anelia Kurteva; Rance J. Delong; Rainer Hilscher; Kai Korte; Anna Fensel

doi:10.3390/s22072763

Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent

Tek Raj Chhetri^*
, Anelia Kurteva
, Rance J. Delong
, Rainer Hilscher
, Kai Korte
, Anna Fensel

^*Corresponding author for this work

Computer Science

Research output: Contribution to journal › Article › peer-review

Abstract

The enforcement of the GDPR in May 2018 has led to a paradigm shift in data protection. Organizations face significant challenges, such as demonstrating compliance (or auditability) and automated compliance verification due to the complex and dynamic nature of consent, as well as the scale at which compliance verification must be performed. Furthermore, the GDPR’s promotion of data protection by design and industrial interoperability requirements has created new technical challenges, as they require significant changes in the design and implementation of systems that handle personal data. We present a scalable data protection by design tool for automated compliance verification and auditability based on informed consent that is modeled with a knowledge graph. Automated compliance verification is made possible by implementing a regulation-to-code process that translates GDPR regulations into well-defined technical and organizational measures and, ultimately, software code. We demonstrate the effectiveness of the tool in the insurance and smart cities domains. We highlight ways in which our tool can be adapted to other domains.

Original language	English
Article number	2763
Journal	Sensors
Volume	22
Issue number	7
DOIs	https://doi.org/10.3390/s22072763
Publication status	Published - 3 Apr 2022

Bibliographical note

Publisher Copyright:
© 2022 by the authors. Licensee MDPI, Basel, Switzerland.

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 11 Sustainable Cities and Communities

Keywords

compliance verification
data protection by design
data sharing
distributed systems
GDPR
informed consent
knowledge graph
privacy
standard data protection model

ASJC Scopus subject areas

Analytical Chemistry
Information Systems
Atomic and Molecular Physics, and Optics
Biochemistry
Instrumentation
Electrical and Electronic Engineering

Access to Document

10.3390/s22072763Licence: Creative Commons: Attribution (CC BY)

Cite this

@article{7cffa0341d0c4ce2a4e5d03807d1d83c,

title = "Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent",

abstract = "The enforcement of the GDPR in May 2018 has led to a paradigm shift in data protection. Organizations face significant challenges, such as demonstrating compliance (or auditability) and automated compliance verification due to the complex and dynamic nature of consent, as well as the scale at which compliance verification must be performed. Furthermore, the GDPR{\textquoteright}s promotion of data protection by design and industrial interoperability requirements has created new technical challenges, as they require significant changes in the design and implementation of systems that handle personal data. We present a scalable data protection by design tool for automated compliance verification and auditability based on informed consent that is modeled with a knowledge graph. Automated compliance verification is made possible by implementing a regulation-to-code process that translates GDPR regulations into well-defined technical and organizational measures and, ultimately, software code. We demonstrate the effectiveness of the tool in the insurance and smart cities domains. We highlight ways in which our tool can be adapted to other domains.",

keywords = "compliance verification, data protection by design, data sharing, distributed systems, GDPR, informed consent, knowledge graph, privacy, standard data protection model",

author = "Chhetri, \{Tek Raj\} and Anelia Kurteva and Delong, \{Rance J.\} and Rainer Hilscher and Kai Korte and Anna Fensel",

note = "Publisher Copyright: {\textcopyright} 2022 by the authors. Licensee MDPI, Basel, Switzerland.",

year = "2022",

month = apr,

day = "3",

doi = "10.3390/s22072763",

language = "English",

volume = "22",

journal = "Sensors",

issn = "1424-8220",

publisher = "MDPI",

number = "7",

}

TY - JOUR

T1 - Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent

AU - Chhetri, Tek Raj

AU - Kurteva, Anelia

AU - Delong, Rance J.

AU - Hilscher, Rainer

AU - Korte, Kai

AU - Fensel, Anna

PY - 2022/4/3

Y1 - 2022/4/3

N2 - The enforcement of the GDPR in May 2018 has led to a paradigm shift in data protection. Organizations face significant challenges, such as demonstrating compliance (or auditability) and automated compliance verification due to the complex and dynamic nature of consent, as well as the scale at which compliance verification must be performed. Furthermore, the GDPR’s promotion of data protection by design and industrial interoperability requirements has created new technical challenges, as they require significant changes in the design and implementation of systems that handle personal data. We present a scalable data protection by design tool for automated compliance verification and auditability based on informed consent that is modeled with a knowledge graph. Automated compliance verification is made possible by implementing a regulation-to-code process that translates GDPR regulations into well-defined technical and organizational measures and, ultimately, software code. We demonstrate the effectiveness of the tool in the insurance and smart cities domains. We highlight ways in which our tool can be adapted to other domains.

AB - The enforcement of the GDPR in May 2018 has led to a paradigm shift in data protection. Organizations face significant challenges, such as demonstrating compliance (or auditability) and automated compliance verification due to the complex and dynamic nature of consent, as well as the scale at which compliance verification must be performed. Furthermore, the GDPR’s promotion of data protection by design and industrial interoperability requirements has created new technical challenges, as they require significant changes in the design and implementation of systems that handle personal data. We present a scalable data protection by design tool for automated compliance verification and auditability based on informed consent that is modeled with a knowledge graph. Automated compliance verification is made possible by implementing a regulation-to-code process that translates GDPR regulations into well-defined technical and organizational measures and, ultimately, software code. We demonstrate the effectiveness of the tool in the insurance and smart cities domains. We highlight ways in which our tool can be adapted to other domains.

KW - compliance verification

KW - data protection by design

KW - data sharing

KW - distributed systems

KW - GDPR

KW - informed consent

KW - knowledge graph

KW - privacy

KW - standard data protection model

UR - https://www.scopus.com/pages/publications/85127382516

U2 - 10.3390/s22072763

DO - 10.3390/s22072763

M3 - Article

C2 - 35408377

AN - SCOPUS:85127382516

SN - 1424-8220

VL - 22

JO - Sensors

JF - Sensors

IS - 7

M1 - 2763

ER -

Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent

Abstract

Bibliographical note

UN SDGs

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this