O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.
Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
Model-driven Engineering for
Priva...
From GDPR to Engineering
09/09/2019
Data protection in real-time. Transforming privacy law into
practice
Slide 2
Privacy Engineering
Software and System Engineering Practice Viewpoint
Integration of privacy concerns
09/09/2019
Data p...
Privacy Engineering Guidelines
Software and System Engineering Practice Viewpoint
Integration of privacy concerns / Guid...
Privacy Engineering Methods and Tools
Software and System Engineering Practice Viewpoint
Integration of privacy concerns...
Model engineering and Model-driven
engineering
09/09/2019
Data protection in real-time. Transforming privacy law into
prac...
What Model-driven Engineering is
about
09/09/2019
Data protection in real-time. Transforming privacy law into
practice
Sli...
Example Risk Management
09/09/2019
Data protection in real-time. Transforming privacy law into
practice
Slide 8
Risk
manag...
Privacy Engineering: Four Main
Processes
09/09/2019
Data protection in real-time. Transforming privacy law into
practice
S...
Model driven
design
Requirements
engineering
Assurance and
certification
Risk management
Smart grid use
case
Connected
veh...
Privacy Engineering: Four Main
Processes
09/09/2019
Data protection in real-time. Transforming privacy law into
practice
S...
Synergy Risk + Goal
Risk orientation
From threats to measures
Goal orientation
From principles to measures
Example of...
Assurance
Assurance
Verifying that systems meets
specification
Privacy assurance
Sufficiency of measures (technical
an...
Risk Management in PDP4E : MUSA
(BeAwre)
09/09/2019
Data protection in real-time. Transforming privacy law into
practice
S...
Input to requirements engineering in
PDP4E: Papyrus (CEA)
09/09/2019
Data protection in real-time. Transforming privacy la...
Requirement engineering method in
PDP4E: Propan (U.Duisbourg)
09/09/2019
Data protection in real-time. Transforming privac...
Assurance in PDP4E: OpenCert
(Technalia)
09/09/2019
Data protection in real-time. Transforming privacy law into
practice
S...
Personal
data
detector
Model-driven design in PDP4E:
Papyrus (CEA)
09/09/2019
Data protection in real-time. Transforming p...
Future work / Challenges
Complete toolset
Create a community and share
IPEN community (Internet Privacy Engineering Net...
Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
Thank you for your attention
Quest...
Próximos SlideShares
Carregando em…5
×

de

Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 1 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 2 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 3 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 4 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 5 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 6 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 7 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 8 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 9 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 10 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 11 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 12 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 13 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 14 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 15 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 16 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 17 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 18 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 19 Antonio kung - pdp4e privacy engineering oxford   sept 9 - v2 Slide 20
Próximos SlideShares
What to Upload to SlideShare
Avançar
Transfira para ler offline e ver em ecrã inteiro.

0 gostaram

Compartilhar

Baixar para ler offline

Antonio kung - pdp4e privacy engineering oxford sept 9 - v2

Baixar para ler offline

Presentation PDP4E, from GDPR to Privacy engineering, privacy by Design.

  • Seja a primeira pessoa a gostar disto

Antonio kung - pdp4e privacy engineering oxford sept 9 - v2

  1. 1. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering Model-driven Engineering for Privacy Antonio Kung (Trialog) Data protection in real-time. Transforming privacy law into practice. Oxford – Sept 9th, 2019 This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787034 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 1
  2. 2. From GDPR to Engineering 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 2
  3. 3. Privacy Engineering Software and System Engineering Practice Viewpoint Integration of privacy concerns 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 3 Software and Systems Engineering Disciplines Existent Privacy & Data Protection Methods
  4. 4. Privacy Engineering Guidelines Software and System Engineering Practice Viewpoint Integration of privacy concerns / Guidance 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 4 Software and Systems Engineering Disciplines Existent Privacy & Data Protection Methods Guidance OASIS PMRM ISO/IEC 27550 ISO 31700
  5. 5. Privacy Engineering Methods and Tools Software and System Engineering Practice Viewpoint Integration of privacy concerns / Guidance Engineering workproducts represented by “models” 09/09/2019 Data protection in real-time. Transforming privacy law into practice Software and Systems Engineering Disciplines Existent Privacy & Data Protection Methods Privacy and Data Protection Engineering Methods and Tools Slide 5
  6. 6. Model engineering and Model-driven engineering 09/09/2019 Data protection in real-time. Transforming privacy law into practice Model engineering constructing proportionally-scaled miniature working representations of full-sized machines Model driven engineering expressing specifications through processable models. Diagram orientation (e.g. UML diagrams) Slide 6
  7. 7. What Model-driven Engineering is about 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 7 Process Input work products Output work products Knowledge Capability
  8. 8. Example Risk Management 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 8 Risk management process Description of system Description of risk sources and of consequences Knowledge Capability Regulation Threat Repository Methodology
  9. 9. Privacy Engineering: Four Main Processes 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 9 Model driven design Requirements engineering Assurance and certification Risk management
  10. 10. Model driven design Requirements engineering Assurance and certification Risk management Smart grid use case Connected vehicle use case Knowledge base Meta models PDP 4E Contribution 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 10
  11. 11. Privacy Engineering: Four Main Processes 09/09/2019 Data protection in real-time. Transforming privacy law into practice System Models Requirements Threats, Controls… Reqs., Controls…Privacy Controls Evidences Risk Management Model-Driven Design Requirements Engineering Assurance Regulation, Ass. Patterns Threats, Controls… Reqs., Controls… Patterns… Slide 11
  12. 12. Synergy Risk + Goal Risk orientation From threats to measures Goal orientation From principles to measures Example of goals  Transparency  Empowerment  Consent 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 12 System Models Risk Management Model-Driven Design Threats, Controls… Patterns…
  13. 13. Assurance Assurance Verifying that systems meets specification Privacy assurance Sufficiency of measures (technical and organisational)  if measures do what they claim to do, then threats to assets are countered Correctness  Measures do what they claim to do 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 13 Requirements Reqs., Controls…Privacy Controls Evidences Requirements Engineering Assurance Regulation, Ass. Patterns Reqs., Controls…
  14. 14. Risk Management in PDP4E : MUSA (BeAwre) 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 14
  15. 15. Input to requirements engineering in PDP4E: Papyrus (CEA) 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 15
  16. 16. Requirement engineering method in PDP4E: Propan (U.Duisbourg) 09/09/2019 Data protection in real-time. Transforming privacy law into practice Requirement Information Deduction ProPAn Artefacts PDP Goal Requirement Metamodel Data Protection Principle Hansen Generation of Privacy Requirement Candidates Semantic Template Adjust Privacy Requirements Validate Privacy Requirements Requirement Information Privacy Requirement Candidates Adjusted Privacy Requirements Validated Privacy Requirements Method Step External Input Internal Input/output P-DFD ProPAn Taxonomy PDP Metamodel External Input (new) X Slide 16
  17. 17. Assurance in PDP4E: OpenCert (Technalia) 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 17 Goal Structuring Notation (GSN) – a graphical argumentation notation
  18. 18. Personal data detector Model-driven design in PDP4E: Papyrus (CEA) 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 18 Code verification and validation Model transformation Risk Management Requirem. Engineering Systems Assurance System (Asset) models Evidences (traceability, V&V…) Privacy Controls Requirements (GDPR, ISO29100)
  19. 19. Future work / Challenges Complete toolset Create a community and share IPEN community (Internet Privacy Engineering Network)  Share tools  Share models Challenges System of systems risk management System of systems model driven design System of systems requirements engineering System of systems assurance 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 19
  20. 20. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering Thank you for your attention Questions? For more information, visit: www.pdp4e-project.org Contact points Antonio Kung (Trialog) Antonio.kung@trialog.com Yod Samuel Martín (UPM) ys.martin@upm.es 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 20

Presentation PDP4E, from GDPR to Privacy engineering, privacy by Design.

Vistos

Vistos totais

580

No Slideshare

0

De incorporações

0

Número de incorporações

384

Ações

Baixados

3

Compartilhados

0

Comentários

0

Curtir

0

×