Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering
Privacy and Data Protection by Design
CEA, UPM, Beawre, Trialog
Methods and Tools for Privacy and Data Protection by Design
2020/03/10
Outline
Privacy and Data Protection by Design (PDPbD): context and challenges
Proposed method for PDPbD
Tool support for the method
Personal Data Detector Module
Module for Privacy Model-driven design
Module for Code Validation
Work progress and perspectives
2019/03/10 Privacy and Data Protection by Design PDP4E
Context
Design engineers’ ecosystem:
• Several stakeholders and actors
• Variety of needs and objectives
• Solution for conflicting goals/reqs.
Designer’s questions to address:
• Which privacy aspects should be introduced during systems design?
• How can identified concerns be considered at early design steps?
• How can privacy-by-design be effectively realized?
[Figure: actors around data: Industry, Developers, Individuals, Policy makers, Attackers, Whistleblowers, Engineers, Dark/hidden actors. Image borrowed from https://www.digitalvidya.com/]
PDP by Design Method
Main characteristics:
Combined bottom-up and top-down approaches:
• From data structures to data and data-flow (process) models
• Allocation over an architecture model
• Architecture refinement towards code
Identification of personal data
Models improved by Privacy-by-design strategies (ISO 27550)
Validation of properties at code level
Tool support for the PDPbD method
PDPbD Framework
1) Personal Data Detector
- Data structures
- Identified personal data
- Confidence scores
Code validation and verification
- Privacy flaws
- Code improvement
2) Privacy Model-driven designer
3) Module for Code Validation
Target of Validation
- Components
- Pointers to code
- Privacy properties
Interactions with other PDP4E tools
WP5
Risks
Requirements
Assurance
Requirements engineering:
• From GDPR
• As elicited from ProPAn
• Integrating aspects from ISO 29100
Risks analysis:
• Impacted assets
• Countermeasures, PETs
• DFDs ↔ Arch.
Assurance process:
• Reqs. Fulfillment
• Targets of validation
• V&V cases/outcomes
Personal Data Detector
• SQL data
• Scores on SQL data
• Exporting SQL data and scores
Papyrus Data Models
• Instances of imported SQL data
• Abstract representation of imported SQL data
• Extension of UML class diagrams
Papyrus Process Models
• Processes involving data
• Associations to abstract representation of data
• Extension of UML Activity diagrams (DFD)
Papyrus Architecture Models
• Non-automated allocation/mapping to target functional architecture
• Functional architecture: UML Composite Structure diagrams
• Components architecture: UML Composite Structure diagrams
Code Validation
• Requirements/properties
• Frama-C
• SecureFlow
• Extensions for PDP
PDPbD Framework
Personal Data Detector
Victor Muntés (Beawre)
PDPbD Framework
Privacy Model-driven Designer
Gabriel Pedroza (CEA)
Privacy and Data Protection Model-driven Design
Diagram labels:
- Personal data detector
- Code validation and verification
- Code improvement
- Risk Management
- Requirements Engineering
- Systems Assurance
- System (Asset) models
- Evidences (traceability, V&V…)
- Privacy Controls
- Requirements (GDPR, ISO29100)
Privacy and Data Protection Model-driven Design Usage
1) Choose design strategy to fulfill goals/requirements
2) Design/enrich system Process models
3) Apply strategy (e.g., inform, control, enforce, demonstrate)
1) Choose design strategy to fulfill goals/requirements
2) Design/enrich system data models
3) Apply strategy (e.g., minimize, separate, abstract, hide)
Implementation
Excerpt of Art. 7
1) GDPR metamodel
2) Profile: PDPbD Framework DSML
3) Privacy Mechanisms
- GDPR Libraries (patterns)
- PDP Techniques
4) Front-end customization
- GUI, explorer filters
- menus, palettes
Data-oriented model
Abstract data
Structured data
User defined data types
Predefined types:
• Table
• DataLink
• OpaqueData
Table Import
Data-oriented strategies:
• Minimize
• Separate
• Abstract
• Hide
Data-oriented strategies (ISO 27550 – Privacy Engineering)
Built-in techniques: K-anonymity
Quasi-identifiers
• Models are associated to strategies
• Implemented strategies help to improve models
• Conformity with privacy principles
Built-in techniques: K-anonymity
• 2-Anonymized table
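K-anonymity over quasi-identifiers, as named on the slides above, shown as an added Python example (not code from the slides or the PDP4E tools): it measures k for a table, generalizes ZIP code and age until every quasi-identifier combination is shared by at least k rows, and, going one step beyond the slides, flags classes whose sensitive value is the same for every member. The table, column names and generalization ladder are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample table (not from the slides); "diagnosis" is the sensitive column.
ROWS = [
    {"zip": "75001", "age": 23, "sex": "F", "diagnosis": "flu"},
    {"zip": "75002", "age": 27, "sex": "F", "diagnosis": "asthma"},
    {"zip": "75013", "age": 31, "sex": "M", "diagnosis": "diabetes"},
    {"zip": "75015", "age": 38, "sex": "M", "diagnosis": "diabetes"},
    {"zip": "75103", "age": 45, "sex": "F", "diagnosis": "flu"},
    {"zip": "75108", "age": 41, "sex": "F", "diagnosis": "cancer"},
]
QUASI_IDENTIFIERS = ("zip", "age", "sex")  # assumed choice for this sample

# Hypothetical generalization ladder, least lossy first:
# (number of ZIP digits kept, width of the age bucket in years).
LEVELS = [(5, 1), (4, 1), (4, 10), (3, 10), (3, 20), (0, 100)]


def class_key(row, quasi_ids):
    """Quasi-identifier values that define a row's equivalence class."""
    return tuple(row[q] for q in quasi_ids)


def k_of(rows, quasi_ids):
    """Size of the smallest equivalence class: the table is k-anonymous for this k."""
    sizes = Counter(class_key(r, quasi_ids) for r in rows)
    return min(sizes.values()) if sizes else 0


def generalize(rows, zip_keep, age_width):
    """Return a copy with ZIP digits masked and ages replaced by ranges."""
    out = []
    for row in rows:
        g = dict(row)
        g["zip"] = row["zip"][:zip_keep] + "*" * (len(row["zip"]) - zip_keep)
        if age_width > 1:
            low = (row["age"] // age_width) * age_width
            g["age"] = f"{low}-{low + age_width - 1}"
        else:
            g["age"] = str(row["age"])
        out.append(g)
    return out


def anonymize(rows, quasi_ids, k):
    """Walk the ladder and return the first generalization that reaches k."""
    for level in LEVELS:
        candidate = generalize(rows, *level)
        if k_of(candidate, quasi_ids) >= k:
            return candidate, level
    # Failure mode: no level on the ladder is coarse enough. Suppressing
    # outlier rows would be the next step; it is left out of this sketch.
    raise ValueError(f"no generalization level reaches k={k}")


def homogeneous_classes(rows, quasi_ids, sensitive):
    """Classes in which every member has the same sensitive value.

    Such a class satisfies k-anonymity yet still reveals the sensitive
    attribute of anyone known to belong to it.
    """
    seen = defaultdict(set)
    for row in rows:
        seen[class_key(row, quasi_ids)].add(row[sensitive])
    return sorted(key for key, values in seen.items() if len(values) == 1)


if __name__ == "__main__":
    print("k of raw table:", k_of(ROWS, QUASI_IDENTIFIERS))
    table, level = anonymize(ROWS, QUASI_IDENTIFIERS, k=2)
    print("level used (zip digits kept, age width):", level)
    for row in table:
        print(row)
    print("homogeneous classes:",
          homogeneous_classes(table, QUASI_IDENTIFIERS, "diagnosis"))
```

The 2-anonymized result still contains one class where both members share the same diagnosis, which is why k alone is not a sufficient release criterion.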
Process-oriented model
DFD implementation:
• External entities
• Data stores
• Processes
• Directed data flows
DFD Refinement
• DFD-L0 to DFD-L1
Data-oriented strategies:
• Inform
• Control
• Enforce
• Demonstrate
[Figures: Level 0 DFD; Level 1 DFD; Strategies dialog]
Implementation of a Data Flow Diagram (DFD)
• Process
• External Entities
• Data Store
• Data Flow Edges
• Input / Output Pins
Process-oriented strategies (ISO 27550 – Privacy Engineering)
Built-in technique: Consent Pattern
• The pattern introduces GDPR consent notions
• The pattern is applied on a target DFD model
• Instantiation guidance for the user
Conditions for Consent (GDPR):
Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.
Built-in technique: Consent Pattern Instantiation
• Detailed view
Architecture model
• Components supporting functional processes and tasks
• Detailed view of components
• Vulnerabilities
• Privacy measures (PETs)
• Technology
• Subcomponents
• Ports
• Connectors
Built-in technique: Process-to-Architecture Allocation
• Generate functional architecture aligned to DFD
• Manually explore allocation: Process/Tasks → Component/subcomponent
• Reference to external artefacts, e.g., code
PDPbD Framework
Module for Code Validation
Julien Signoles (CEA)
Current status and perspectives
Deliverables available at https://pdp4e-project.eu
Task 5.1:
• D5.4 Specification of the method for Privacy and Data Protection by Design (M14)
Task 5.2:
• D5.1, D5.2 Specification of PDPbD Framework (M14, M18)
Task 5.3:
• D5.6 First release of the PDPbD Framework (M18)
Perspectives:
• Framework validation through Smart Grid Case Study
• Consolidation of the PDPbD Framework
• Dissemination and exploitation through publications and meetups
Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering
For more information, visit:
www.pdp4e-project.org
Thank you for your attention
Questions?
WP Leader: CEA
gabriel.pedroza@cea.fr

 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Unit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdfUnit 1 - Soil Classification and Compaction.pdf
Unit 1 - Soil Classification and Compaction.pdf
 
UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
Vivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design SpainVivazz, Mieres Social Housing Design Spain
Vivazz, Mieres Social Housing Design Spain
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 

Paris wp5 pd-pb_d

  • 1. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering. Privacy and Data Protection by Design. CEA, UPM, Beawre, Trialog. Methods and Tools for Privacy and Data Protection by Design. 2020/03/10
  • 2. Outline
      - Privacy and Data Protection by Design (PDPbD): context and challenges
      - Proposed method for PDPbD
      - Tool support for the method
      - Personal Data Detector Module
      - Module for Privacy Model-driven design
      - Module for Code Validation
      - Work progress and perspectives
      2019/03/10, Privacy and Data Protection by Design, PDP4E
  • 3. Context
      Design engineers’ ecosystem:
      - Several stakeholders and actors
      - Variety of needs and objectives
      - Solution for conflicting goals/reqs.
      Designer’s questions to address:
      - Which privacy aspects to introduce during system design?
      - How can identified concerns be considered at early design steps?
      - How can privacy-by-design be effectively realized?
      Figure labels: Data, Industry, Developers, Individuals, Policy makers, Attackers, Whistleblowers, Engineers, Dark/hidden actors. Image borrowed from https://www.digitalvidya.com/
  • 4. PDP by Design Method
      Main characteristics:
      - Combined bottom-up and top-down approaches:
          - From data structures to data and data-flow (process) models
          - Allocation over an architecture model
          - Architecture refinement towards code
      - Identification of personal data
      - Models improved by Privacy-by-design strategies (ISO 27550)
      - Validation of properties at code level
  • 5. Tool support for the PDPbD method
      PDPbD Framework:
      - 1) Personal Data Detector: Data structures; Identified personal data; Confidence scores
      - Code validation and verification: Privacy flaws; Code improvement
      - 2) Privacy Model-driven designer
      - 3) Module for Code Validation
      - Target of Validation: Components; Pointers to code; Privacy properties
  • 6. Interactions with other PDP4E tools (Tool support for the PDPbD method)
      Diagram labels: WP5, Risks, Requirements, Assurance
      - Requirements engineering: From GDPR; As elicited from ProPAn; Integrating aspects from ISO 29100
      - Risks analysis: Impacted assets; Countermeasures, PETs; DFDs ↔ Arch.
      - Assurance process: Reqs. Fulfillment; Targets of validation; V&V cases/outcomes
      - Personal Data Detector: SQL data; Scores on SQL data; Exporting SQL data and scores
      - Papyrus Data Models: Instances of imported SQL data; Abstract representation of imported SQL data; Extension of UML class diagrams
      - Papyrus Process Models: Processes involving data; Associations to abstract representation of data; Extension of UML Activity diagrams (DFD)
      - Papyrus Architecture Models: Non-automated allocation/mapping to target functional architecture; Functional architecture: UML Composite Structure diagrams; Components architecture: UML Composite Structure diagrams
      - Code Validation: Requirements/properties; Frama-C; SecureFlow; Extensions for PDP
  • 7. PDPbD Framework: Personal Data Detector. Victor Muntés (Beawre)
  • 8. PDPbD Framework: Privacy Model-driven Designer. Gabriel Pedroza (CEA)
  • 9. Diagram labels: Personal data detector; Privacy and Data Protection Model-driven Design; PDP4E; Code validation and verification; Code improvement; Risk Management; Requirem. Engineering; Systems Assurance; System (Asset) models; Evidences (traceability, V&V…); Privacy Controls; Requirements (GDPR, ISO29100)
  • 10. Privacy and Data Protection Model-driven Design: Usage
      Process models:
      1) Choose design strategy to fulfill goals/requirements
      2) Design/enrich system process models
      3) Apply strategy (e.g., inform, control, enforce, demonstrate)
      Data models:
      1) Choose design strategy to fulfill goals/requirements
      2) Design/enrich system data models
      3) Apply strategy (e.g., minimize, separate, abstract, hide)
  • 11. Privacy and Data Protection Model-driven Design: Implementation
      Figure label: Excerpt of Art. 7
      1) GDPR metamodel
      2) Profile: PDPbD Framework DSML
      3) Privacy Mechanisms: GDPR Libraries (patterns); PDP Techniques
      4) Front-end customization: GUI, explorer filters; menus, palettes
  • 12. Privacy and Data Protection Model-driven Design: Data-oriented model
      - Abstract data
      - Structured data
      - User defined data types
      - Predefined types: Table, DataLink, OpaqueData
      - Table Import
      - Data-oriented strategies: Minimize, Separate, Abstract, Hide
  • 13. Privacy and Data Protection Model-driven Design: Data-oriented strategies (ISO 27550 – Privacy Engineering)
  • 14. Privacy and Data Protection Model-driven Design. Built-in techniques: K-anonymity
      Figure label: Quasi-identifiers
      - Models are associated to strategies
      - Implemented strategies help to improve models
      - Conformity with privacy principles
      PDP4E, 2020/03/10, Privacy and Data Protection by Design
  • 15. Privacy and Data Protection Model-driven Design. Built-in techniques: K-anonymity
      - 2-Anonymized table
  • 16. Privacy and Data Protection Model-driven Design: Process-oriented model
      - DFD implementation: External entities; Data stores; Processes; Directed data flows
      - DFD Refinement: DFD-L0 to DFD-L1
      - Data-oriented strategies: Inform; Control; Enforce; Demonstrate
      Figure labels: Level 0 DFD; Level 1 DFD; Strategies dialog
  • 17. Privacy and Data Protection Model-driven Design: Implementation of a Data Flow Diagram (DFD)
      - Process
      - External Entities
      - Data Store
      - Data Flow Edges
      - Input / Output Pins
  • 18. Privacy and Data Protection Model-driven Design: Process-oriented strategies (ISO 27550 – Privacy Engineering)
  • 19. Privacy and Data Protection Model-driven Design. Built-in technique: Consent Pattern
      - The pattern introduces GDPR consent notions
      - The pattern is applied on a target DFD model
      - Instantiation guidance for the user
      Conditions for Consent (GDPR): Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.
  • 20. Privacy and Data Protection Model-driven Design. Built-in technique: Consent Pattern Instantiation
      - Detailed view
  • 21. Privacy and Data Protection Model-driven Design: Architecture model
      - Components supporting (functional) processes and tasks
      - Detailed view of components
      - Vulnerabilities
      - Privacy measures (PETS)
      - Technology
      - Subcomponents
      - Ports
      - Connectors
  • 22. Privacy and Data Protection Model-driven Design. Built-in technique: Process-to-Architecture Allocation
      - Generate functional architecture aligned to DFD
      - Manually explore allocation: Process/Tasks
      - Component/subcomponent
      - Reference to external artefacts, e.g., code
  • 23. PDPbD Framework: Module for Code Validation. Julien Signoles (CEA)
  • 24. Current status and perspectives
      Deliverables available at https://pdp4e-project.eu
      - Task 5.1: D5.4 Specification of the method for Privacy and Data Protection by Design (M14)
      - Task 5.2: D5.1, D5.2 Specification of PDPbD Framework (M14, M18)
      - Task 5.3: D5.6 First release of the PDPbD Framework (M18)
      Perspectives:
      - Framework validation through Smart Grid Case Study
      - Consolidation of the PDPbD Framework
      - Dissemination and exploitation through publications and meetups
  • 25. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering. For more information, visit: www.pdp4e-project.org. Thank you for your attention. Questions? WP Leader: CEA, gabriel.pedroza@cea.fr
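
Slides 14 and 15 name k-anonymity over quasi-identifiers and show a 2-anonymized table. The sketch below is an added example, not code from the deck or from the PDP4E tools: it measures k for a table, applies one generalization step, and suppresses rows that still fall in a class smaller than k. The table, the choice of quasi-identifier columns and the generalization rules are constructed assumptions.

```python
from collections import Counter

# Constructed sample table (not from the slides): one row per data subject.
ROWS = [
    {"age": 34, "zip": "75011", "sex": "F", "diagnosis": "asthma"},
    {"age": 36, "zip": "75012", "sex": "F", "diagnosis": "diabetes"},
    {"age": 41, "zip": "75020", "sex": "M", "diagnosis": "asthma"},
    {"age": 47, "zip": "75019", "sex": "M", "diagnosis": "flu"},
    {"age": 52, "zip": "92100", "sex": "F", "diagnosis": "flu"},
    {"age": 58, "zip": "92130", "sex": "F", "diagnosis": "asthma"},
    {"age": 63, "zip": "69003", "sex": "M", "diagnosis": "flu"},  # outlier
]
QUASI_IDS = ("age", "zip", "sex")  # assumed quasi-identifier columns


def equivalence_classes(rows, quasi_ids):
    """Count rows sharing each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in rows)


def k_of(rows, quasi_ids):
    """Largest k for which the table is k-anonymous (0 for an empty table)."""
    classes = equivalence_classes(rows, quasi_ids)
    return min(classes.values()) if classes else 0


def generalize(row, zip_digits=3):
    """One generalization step: 10-year age band, truncated postal code."""
    low = row["age"] // 10 * 10
    out = dict(row)
    out["age"] = f"{low}-{low + 9}"
    out["zip"] = row["zip"][:zip_digits] + "*" * (len(row["zip"]) - zip_digits)
    return out


def anonymize(rows, quasi_ids, k):
    """Generalize every row, then suppress rows whose class is still < k."""
    gen = [generalize(r) for r in rows]
    classes = equivalence_classes(gen, quasi_ids)
    kept = [r for r in gen if classes[tuple(r[q] for q in quasi_ids)] >= k]
    return kept, len(gen) - len(kept)


if __name__ == "__main__":
    table, suppressed = anonymize(ROWS, QUASI_IDS, k=2)
    print("k before:", k_of(ROWS, QUASI_IDS), "k after:", k_of(table, QUASI_IDS))
    print("suppressed rows:", suppressed)
```

k-anonymity constrains only the quasi-identifier columns: a class whose rows all share the same diagnosis would still reveal it, so the sensitive column needs its own check.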