Conference papers

GDPR Modelling for Log-Based Compliance Checking

Abstract : Since the entry into force of the General Data Protection Regulation (GDPR), public and private organizations face unprecedented challenges to ensure compliance with new data protection rules. To help its implementation, academics and technologists proposed innovative solutions leading to what is known today as privacy engineering. Among the main goals of these solutions are to enable compliant data processing by controllers and to increase trust in compliance by data subjects. While data protection by design (Article 25 of GDPR) constitutes a keystone of the regulation, many legacy systems are not designed and implemented with this concept in mind, but still process large quantities of personal data. Consequently, there is a need for “after design” ways to check compliance and remediate data protection issues. In this paper, we propose to monitor and check the compliance of legacy systems through their logs. To make this possible, we modelled a core subset of the GDPR in the Prolog language. The approach we followed produced an operational model of the GDPR which eases the interactions with standard operational models of Information Technology (IT) systems. Different dimensions required to properly address data protection obligations have been covered, in particular time-related properties such as retention time. The logic-based GDPR model has also been kept as close as possible to the legal wording to allow a Data Protection Officer to explore the model in case of need. Finally, even if we don’t have a completed tool yet, we created a proof-of-concept framework to use the GDPR model to detect data protection compliance violations by monitoring the IT system logs.
Document type :
Conference papers
https://hal.inria.fr/hal-03182599
Contributor : Hal Ifip
Submitted on : Friday, March 26, 2021 - 2:32:46 PM
Last modification on : Thursday, February 17, 2022 - 10:08:04 AM
Long-term archiving on : Sunday, June 27, 2021 - 6:46:14 PM

File

491176_1_En_1_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Colombe Montety, Thibaud Antignac, Christophe Slim. GDPR Modelling for Log-Based Compliance Checking. 13th IFIP International Conference on Trust Management (IFIPTM), Jul 2019, Copenhagen, Denmark. pp.1-18, ⟨10.1007/978-3-030-33716-2_1⟩. ⟨hal-03182599⟩

Metrics

Record views

76

Files downloads

24