SlideShare uma empresa Scribd logo

Privacy Data Protection for Engineers - PDP4E

Transferir como PPTX, PDF
Privacy Data Protection for Engineering
Privacy Data Protection for Engineering

Main Description of project PDP4E of H2020 which tackle the compliance of GDPR through engineering by providing methods and tools to achieve this goal.

Engenharia
1 de 19
PDP4E Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering Project Official Presentation Coordinator: Trialog (Antonio Kung) Scientific&Technical leader: UPM (Yod Samuel Martin) 3 Jul 2018 PDP4E Official PDP4E H2020 Program
PDP4E Outcome  Mission & Consortium  Objectives  Context  Challenge of GDPR  What engineers get  What engineers need  Contribution  Risk Management  Requirements Engineering  Model-driven Design  Assurance  Method Engineering  Implementation  WorkPlan  Milestones  Validation, demonstration and exploitation 3 Jul 2018 PDP4E Official PDP4E
PDP4E Mission & Consortium  Mission: provide methods and software tools to  systematically apply data protection principles  And comply with the General Data Protection Regulation (GDPR)  Partners  Trialog (FR)  UPM (ES)  Eclipse foundation (DE)  CEA (FR)  CA (ES)  Tecnalia (ES)  KU Leuven (BE)  U.Duisburg-Essen (DE) 3 Jul 2018 PDP4E Official PDP4E
PDP4E Objectives  O1: Privacy by design and data protection in existing mainstream software and system engineering tools  risk management (MUSA DST)  requirements management (Papyrus 4 Req)  design and modelling (Papyrus)  assurance (OpenCert)  O2: Privacy by design and data protection activities in existing mainstream software and system engineering methods  LINDDUN, PRIPARE, PROPAN, UML4PF  ISO 15288, OASIS PMRM, ISO 29134, ISO 27550 3 Jul 2018 PDP4E Official PDP4E
PDP4E Objectives  O3: Knowledge repositories  operational data protection requirements  data protection risks, threats and solutions  privacy patterns  assurance reference frameworks  O4: Fostering mainstream tools  Open source toolset EPL (Eclipse Public License)  Adaptability, flexibility and interoperability of PDP4E toolset  MDE approach  standard interchange formats 3 Jul 2018 PDP4E Official PDP4E
PDP4E Objectives  O5: Increase privacy and data protection engineering practice  IPEN  Creation of an Alliance for Privacy and Data Protection Engineering  Standardisation  O6: Two demonstration pilots  Fintech applications and services  Big data on smart grid 3 Jul 2018 PDP4E Official PDP4E
PDP4E CONTEXT: GDPR Challenge  What engineers get… 3 Jul 2018 PDP4E Official PDP4E  What engineers want…
PDP4E CONTEXT: What engineers need  Endow engineers with privacy and data protection tools aligned to their mindset 3 Jul 2018 PDP4E Official PDP4E Software and Systems Engineering Disciplines Existent Privacy & Data Protection Methods Privacy and Data Protection Engineering Methods and Tools  Engineers are not privacy experts, yet they will face privacy issues (even if they may get expert advice)  Privacy adoption entails for methods and tools integrated within the large heritage of software & systems engineering 1. Seamlessly include privacy into software & system engineering tools 2. Integrate privacy activities into the SDLC stages 3. Provide a readily available body of knowledge with existent wisdom 4. Foster a community of privacy engineering
PDP4E CONTEXT: What engineers need  Endow engineers with privacy and data protection tools aligned to their mindset 3 Jul 2018 PDP4E Official PDP4E Software and Systems Engineering Disciplines Existent Privacy & Data Protection Methods Privacy and Data Protection Engineering Methods and Tools Metamodels Knowledge Bases Smart grid demonstrator Fintech demonstrator Requirements engineering Risk management Model-driven design Assurance and certification TRL6 TRL7Byproducts
PDP4E CONTRIBUTION: Risk Management 3 Jul 2018 PDP4E Official PDP4E Methods & tools for PDP Risk Management Support execution of (D)PIAs • Identify personal data categories • Identify threats • Estimate risk factors • Evaluate and prioritize risks • Address risks: choice of controls, countermeasures, PETs • Document risks and risk management Multilateral security risk management • Security impact analysis • Derived business risks • Compensations and fines • Vendor Relationship Management Identify, assess, evaluate and mitigate risks for the data subjects. Knowledge base of threats and countermeasures. Data protection impact assessments (art. 35, besides WP29 guidelines on DPIA⇗, rec. 84, 89-93) from an engineering perspective, including the determination of a need for a DPIA, the identification of threats, their likelihood and impact; the elicitation of mitigation countermeasures, etc. Mapping between privacy and security risk assessments. Security impact assessment (art. 32.2.) Impact analysis for the business. Right to compensation and liability (art. 82), conditions for administrative fines (art. 83).
PDP4E CONTRIBUTION: from Requirements Engineering 3 Jul 2018 PDP4E Official PDP4E Methods & tools for PDP Requirements Engineering Requirements elicitation: • Regulations (GDPR): principles, rights, obligations, measures • Standards (ISO29100) • Privacy goals and properties Techniques • Problem-frame based techniques • Operationalization process • Privacy patterns Model-based methods and tools to specify regulatory constraints and privacy principles, and operationalize them into solution-oriented requirements (privacy controls). Requirements management, analysis, traceability and validation. Knowledge base of data protection and privacy requirements and controls. Principles relating to processing of personal data (Chapter 2), rights of the data subject (Chapter 3), obligations and responsibility of controllers and processors (Chapter 4, esp. art. 24 – 34) including technical and organisational measures (art. 24) and security (art. 32.1, especially par. d about assessment) [All these sections establish requirements with technical impact that need to be operationalized]. Requirements may also be derived from WP29/EDPB guidance (art. 70), codes of conduct (art. 40, 41), certifications (art. 42), binding corporate rules (art. 47) and derogations and exemptions anticipated by GDPR (art. 9.4, art. 49, Chapter 10, etc.)
PDP4E CONTRIBUTION: from Model-Driven Design 3 Jul 2018 PDP4E Official PDP4E Methods & tools for PDP Model- Driven Design Data mapping and inventory Enriched models •structural (categories and properties) •behavioural (processing activities) •architectural (deployment) Architectural analysis and strategies •Minimization •Separation •Aggregation Model-based Testing Elicitation of personal information categories stored in legacy data sources. Annotation of system models with information regarding personal data (data models), processing activities (process models) and processing location (component models) Identify processing of personal data subject to GDPR according to subject matter (art. 1), material scope (art. 2) and definitions (art.4). Prerequisite to provide engineering support to user rights especially right of access (art. 15), rectification (art. 16), right to be forgotten (art. 17) and data portability (Art 20, also aligned to the respective WP29 opinion⇗); and data protection principles esp. lawfulness (art. 6-15), purpose limitation (art. 5.1.b, 6, 14) and accuracy (art. 5.1.d). Prerequisite to provide engineering support to restrictions of processing (art. 18, art.58.2.f), right to object (art. 21), and constraints to right to erasure (art. 17) and data portability (art. 20). Analysis of annotated system models against the alignment to privacy and data protection principles, regulations and strategies; and transformation of those models when possible so as to comply with or apply such principles. Principles of data minimisation (art. 5.1.c), pseudonymisation (art.4.5, art. 25), and confidentiality (art. 5.1.f), and controls for those aims (art. 25, art. 32). Minimisation in relation to the assessment of necessity and proportionality (art. 35.7.b). Obligations of processors (art. 28) and international transfers (art. 45, 46, 47, 49).
PDP4E CONTRIBUTION: from Assurance 3 Jul 2018 PDP4E Official PDP4E Methods & tools for PDP Assurance Reusable models • Processing activities • Protection activities Regulatory framework model • People: roles • Processes and activities • Product formal requirements) Demonstrate compliance • Capture evidence • Associate to reqs and artefacts • Trace to regulation • Argument compliance Supports • Accountability • Transparency • Intervenability • Certification Assurance process to demonstrate compliance with data protection regulation. Principle of accountability (art. 5.2), and principle of transparency (art. 5.1.a, art. 12). Record of evidence of technical and organisational measures (art. 24, art. 32, art. 28.3.c), especially assessment of the effectiveness of measures (art 32.1.d) Record of evidence of data protection impact assessment results (art. 35), of measures envisaged (art. 35.7.d) and impact of evidence changes (art. 35.11). Assistance of processors to demonstrate compliance (art. 28.3) Certification (art. 42). Adherence to codes of conduct and certifications as proof of compliance (art 24.3, 25.3, 28.5, 28.6, 32.3). Records of processing activities (art. 30) and specially measures taken (art. 30.1.g, 30.2.d). Metamodels for data- protection regulatory framework and their interpretations and knowledge base (including model for GDPR and WP29/EDBP guidance) Vocabulary to model GDPR general provisions (Chapter 1); models of processes and constraints established throughout GDPR; data protection policies (Art. 24.2). Interpretation in the form of WP29/EDPB guidance (art.70), and derogations and exemptions (art. 49, Ch. 10) Co-regulation methods expected by GDPR: codes of conduct (art. 40, 41), certification (art. 42), binding corporate rules (art. 47).
PDP4E CONTRIBUTION: from Method Engineering 3 Jul 2018 PDP4E Official PDP4E PDP Method engineering Privacy Method Engineering • Putting it all together • Dependencies between one another • Methodologies and method fragments: work products, roles, tools, tasks, activities, processes • Activities: management, analysis, design, implementation, testing, deployment, operation, maintenance, and disposal Adaptability • Development methodologies or SDLC • Software engineering tools • Regulations (WP29/EDPB guidance, codes of conduct, derogations, non- EU…) Inherent toolset flexibility • Modularity and loose coupling • MDE and metamodelling • Evolving knowledge base • Flexible background tools • Open-source distribution • Flexible methodology
PDP4E Implementation: WorkPlan 3 Jul 2018 PDP4E Official PDP4E WP2: Specification and architecture of methodsand tools for Data Protection Engineering WP7: Validation, demonstration and exploitation WP1: Project management and governance WP8: Dissemination, communication and liaison Development of methods and tools for Data Protection EngineeringDevelopment of methods and tools for Data Protection Engineering WP5: Methodsand tools for data protection model-driven design WP6: Methodsand tools for data protection assurance WP4: Methodsand tools for data protection requirem. engineering WP3: Methodsand tools for data protection risk management
PDP4E 3 May 2018 - Kickoff meeting PDP4E Madrid PDP4E
PDP4E Implementation: Milestones 3 Jul 2018 PDP4E Official PDP4E No. Name Related WP(s) Due date MS1 Multi-stakeholder specification available WP2 M5 MS2 Architecture and design of tools finalised WP2-3-4-5-6 M10 MS3 First release of tools and methods ready for the pilots WP3-4-5-6 M16 MS4 First user validation WP7 M18 MS5 Final release of tools and methods WP3-4-5-6 M30 MS6 Final validation and demonstration WP7 M33
PDP4E Validation, demonstration and exploitation 3 Jul 2018 PDP4E Official PDP4E Alliance for Privacy and Data Protection Engineering Requirements capture and validation • Developers • End-users • Legal Demonstration pilots • Fintech pilot • Smart-grid pilot Legal End-users Developpers Legal End-users Developpers
PDP4E Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering For more information, visit: www.pdp4e-project.eu Thanks for your attention Questions? Coordinator Antonio Kung (Trialog) Antonio.kung@trialog.com 3 Jul 2018 PDP4E Official PDP4E

Recomendados

Ipen2018
Ipen2018Ipen2018
Ipen2018Privacy Data Protection for Engineering
 
Pdp4 e privacy engineering toolkit ipen 2019
Pdp4 e privacy engineering toolkit ipen 2019Pdp4 e privacy engineering toolkit ipen 2019
Pdp4 e privacy engineering toolkit ipen 2019Privacy Data Protection for Engineering
 
Granular or holistic approaches - Antonio Kung
Granular or holistic approaches - Antonio KungGranular or holistic approaches - Antonio Kung
Granular or holistic approaches - Antonio KungPrivacy Data Protection for Engineering
 
Long term security evolution of ai and data protection antonio kung trialog...
Long term security evolution of ai and data protection antonio kung trialog...Long term security evolution of ai and data protection antonio kung trialog...
Long term security evolution of ai and data protection antonio kung trialog...Privacy Data Protection for Engineering
 
Ipen 2019 roma status of privacy engineering standardisation v2
Ipen 2019 roma status of privacy engineering standardisation v2Ipen 2019 roma status of privacy engineering standardisation v2
Ipen 2019 roma status of privacy engineering standardisation v2Privacy Data Protection for Engineering
 
Granular or holistic approaches 210126 Alejandra Ruiz
Granular or holistic approaches 210126 Alejandra RuizGranular or holistic approaches 210126 Alejandra Ruiz
Granular or holistic approaches 210126 Alejandra RuizPrivacy Data Protection for Engineering
 
Antonio kung - pdp4e privacy engineering oxford sept 9 - v2
Antonio kung - pdp4e privacy engineering oxford sept 9 - v2Antonio kung - pdp4e privacy engineering oxford sept 9 - v2
Antonio kung - pdp4e privacy engineering oxford sept 9 - v2Privacy Data Protection for Engineering
 
Wp6 public
Wp6 publicWp6 public
Wp6 publicPrivacy Data Protection for Engineering
 

Recomendados

Ipen2018
Ipen2018Ipen2018
Ipen2018Privacy Data Protection for Engineering
 
Pdp4 e privacy engineering toolkit ipen 2019
Pdp4 e privacy engineering toolkit ipen 2019Pdp4 e privacy engineering toolkit ipen 2019
Pdp4 e privacy engineering toolkit ipen 2019Privacy Data Protection for Engineering
 
Granular or holistic approaches - Antonio Kung
Granular or holistic approaches - Antonio KungGranular or holistic approaches - Antonio Kung
Granular or holistic approaches - Antonio KungPrivacy Data Protection for Engineering
 
Long term security evolution of ai and data protection antonio kung trialog...
Long term security evolution of ai and data protection antonio kung trialog...Long term security evolution of ai and data protection antonio kung trialog...
Long term security evolution of ai and data protection antonio kung trialog...Privacy Data Protection for Engineering
 
Ipen 2019 roma status of privacy engineering standardisation v2
Ipen 2019 roma status of privacy engineering standardisation v2Ipen 2019 roma status of privacy engineering standardisation v2
Ipen 2019 roma status of privacy engineering standardisation v2Privacy Data Protection for Engineering
 
Granular or holistic approaches 210126 Alejandra Ruiz
Granular or holistic approaches 210126 Alejandra RuizGranular or holistic approaches 210126 Alejandra Ruiz
Granular or holistic approaches 210126 Alejandra RuizPrivacy Data Protection for Engineering
 
Antonio kung - pdp4e privacy engineering oxford sept 9 - v2
Antonio kung - pdp4e privacy engineering oxford sept 9 - v2Antonio kung - pdp4e privacy engineering oxford sept 9 - v2
Antonio kung - pdp4e privacy engineering oxford sept 9 - v2Privacy Data Protection for Engineering
 
Wp6 public
Wp6 publicWp6 public
Wp6 publicPrivacy Data Protection for Engineering
 
Antonio kung impact of ai on privacy sept 10
Antonio kung impact of ai on privacy sept 10Antonio kung impact of ai on privacy sept 10
Antonio kung impact of ai on privacy sept 10Privacy Data Protection for Engineering
 
Wp6 workshop 10_march2020
Wp6 workshop 10_march2020Wp6 workshop 10_march2020
Wp6 workshop 10_march2020Privacy Data Protection for Engineering
 
Dpm presentation
Dpm presentationDpm presentation
Dpm presentationPrivacy Data Protection for Engineering
 
Wp4 tool demonstration_v1
Wp4 tool demonstration_v1Wp4 tool demonstration_v1
Wp4 tool demonstration_v1Privacy Data Protection for Engineering
 
Beawre pitch
Beawre pitchBeawre pitch
Beawre pitchPrivacy Data Protection for Engineering
 
Paris wp5 pd-pb_d
Paris wp5 pd-pb_dParis wp5 pd-pb_d
Paris wp5 pd-pb_dPrivacy Data Protection for Engineering
 
Pdp4 e forum
Pdp4 e forumPdp4 e forum
Pdp4 e forumPrivacy Data Protection for Engineering
 
Wp4 overall approach_v1
Wp4 overall approach_v1Wp4 overall approach_v1
Wp4 overall approach_v1Privacy Data Protection for Engineering
 
Pdp4e IPEN-2019
Pdp4e IPEN-2019Pdp4e IPEN-2019
Pdp4e IPEN-2019Privacy Data Protection for Engineering
 
Wp4 ws cea2020
Wp4 ws cea2020Wp4 ws cea2020
Wp4 ws cea2020Privacy Data Protection for Engineering
 
e-SIDES workshop at ICT 2018, Vienna 5/12/2018
e-SIDES workshop at ICT 2018, Vienna 5/12/2018e-SIDES workshop at ICT 2018, Vienna 5/12/2018
e-SIDES workshop at ICT 2018, Vienna 5/12/2018e-SIDES.eu
 
MECATECH, building the Future
MECATECH, building the FutureMECATECH, building the Future
MECATECH, building the FutureAgence du Numérique (AdN)
 
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)ijwscjournal
 
Lightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edgeLightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edgeAgence du Numérique (AdN)
 
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)ijdms
 
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)ijwscjournal
 
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation Systems
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation SystemsTowards Large-Scale, High-Density Indoor Ultra Wideband Geolocation Systems
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation SystemsAgence du Numérique (AdN)
 
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)ijwscjournal
 
Multitel Cybersecurity Projects
Multitel Cybersecurity ProjectsMultitel Cybersecurity Projects
Multitel Cybersecurity ProjectsAgence du Numérique (AdN)
 
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)ijdms
 
Mcis 2018 DEFeND Project
Mcis 2018 DEFeND Project Mcis 2018 DEFeND Project
Mcis 2018 DEFeND Project DEFeND Project
 
20190423 PRiSE model to tackle data protection impact assessments and data pr...
20190423 PRiSE model to tackle data protection impact assessments and data pr...20190423 PRiSE model to tackle data protection impact assessments and data pr...
20190423 PRiSE model to tackle data protection impact assessments and data pr...Brussels Legal Hackers
 

Mais conteúdo relacionado

Mais procurados

e-SIDES workshop at ICT 2018, Vienna 5/12/2018
e-SIDES workshop at ICT 2018, Vienna 5/12/2018e-SIDES workshop at ICT 2018, Vienna 5/12/2018
e-SIDES workshop at ICT 2018, Vienna 5/12/2018e-SIDES.eu
 
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)ijwscjournal
 
Lightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edgeLightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edgeAgence du Numérique (AdN)
 
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)ijdms
 
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)ijwscjournal
 
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation Systems
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation SystemsTowards Large-Scale, High-Density Indoor Ultra Wideband Geolocation Systems
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation SystemsAgence du Numérique (AdN)
 
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)ijwscjournal
 
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)ijdms
 

Mais procurados (20)

Antonio kung impact of ai on privacy sept 10
Antonio kung impact of ai on privacy sept 10Antonio kung impact of ai on privacy sept 10
Antonio kung impact of ai on privacy sept 10
 
Wp6 workshop 10_march2020
Wp6 workshop 10_march2020Wp6 workshop 10_march2020
Wp6 workshop 10_march2020
 
Dpm presentation
Dpm presentationDpm presentation
Dpm presentation
 
Wp4 tool demonstration_v1
Wp4 tool demonstration_v1Wp4 tool demonstration_v1
Wp4 tool demonstration_v1
 
Beawre pitch
Beawre pitchBeawre pitch
Beawre pitch
 
Paris wp5 pd-pb_d
Paris wp5 pd-pb_dParis wp5 pd-pb_d
Paris wp5 pd-pb_d
 
Pdp4 e forum
Pdp4 e forumPdp4 e forum
Pdp4 e forum
 
Wp4 overall approach_v1
Wp4 overall approach_v1Wp4 overall approach_v1
Wp4 overall approach_v1
 
Pdp4e IPEN-2019
Pdp4e IPEN-2019Pdp4e IPEN-2019
Pdp4e IPEN-2019
 
Wp4 ws cea2020
Wp4 ws cea2020Wp4 ws cea2020
Wp4 ws cea2020
 
e-SIDES workshop at ICT 2018, Vienna 5/12/2018
e-SIDES workshop at ICT 2018, Vienna 5/12/2018e-SIDES workshop at ICT 2018, Vienna 5/12/2018
e-SIDES workshop at ICT 2018, Vienna 5/12/2018
 
MECATECH, building the Future
MECATECH, building the FutureMECATECH, building the Future
MECATECH, building the Future
 
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
 
Lightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edgeLightkone project : Lightweight computation for networks at the edge
Lightkone project : Lightweight computation for networks at the edge
 
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
 
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
International Conference on Big Data, IoT and Machine Learning (BIOM 2021)
 
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation Systems
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation SystemsTowards Large-Scale, High-Density Indoor Ultra Wideband Geolocation Systems
Towards Large-Scale, High-Density Indoor Ultra Wideband Geolocation Systems
 
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2 nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
 
Multitel Cybersecurity Projects
Multitel Cybersecurity ProjectsMultitel Cybersecurity Projects
Multitel Cybersecurity Projects
 
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
2nd International Conference on Cloud, Big Data and IoT (CBIoT 2021)
 

Semelhante a Privacy Data Protection for Engineers - PDP4E

Mcis 2018 DEFeND Project
Mcis 2018 DEFeND Project Mcis 2018 DEFeND Project
Mcis 2018 DEFeND Project DEFeND Project
 
20190423 PRiSE model to tackle data protection impact assessments and data pr...
20190423 PRiSE model to tackle data protection impact assessments and data pr...20190423 PRiSE model to tackle data protection impact assessments and data pr...
20190423 PRiSE model to tackle data protection impact assessments and data pr...Brussels Legal Hackers
 
DEFeND Project Presentation - July 2018
DEFeND Project Presentation - July 2018DEFeND Project Presentation - July 2018
DEFeND Project Presentation - July 2018DEFeND Project
 
MRS Operations Network: GDPR - Organisational Measures
MRS Operations Network: GDPR - Organisational MeasuresMRS Operations Network: GDPR - Organisational Measures
MRS Operations Network: GDPR - Organisational MeasuresMRS
 
Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Sebastien Deleersnyder
 
Design Principles and a Software Reference Architecture for Big Data Question...
Design Principles and a Software Reference Architecture for Big Data Question...Design Principles and a Software Reference Architecture for Big Data Question...
Design Principles and a Software Reference Architecture for Big Data Question...Leonardo Moraes
 
DATA SCIENCE METHODOLOGY FOR CYBERSECURITY PROJECTS
DATA SCIENCE METHODOLOGY FOR CYBERSECURITY PROJECTS DATA SCIENCE METHODOLOGY FOR CYBERSECURITY PROJECTS
DATA SCIENCE METHODOLOGY FOR CYBERSECURITY PROJECTS cscpconf
 
Big Data: Privacy and Security Aspects
Big Data: Privacy and Security AspectsBig Data: Privacy and Security Aspects
Big Data: Privacy and Security AspectsIRJET Journal
 
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah HurleyCedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah HurleyCedar Consulting
 
Privacy Requirements Engineering in Agile Software Development
Privacy Requirements Engineering in Agile Software DevelopmentPrivacy Requirements Engineering in Agile Software Development
Privacy Requirements Engineering in Agile Software DevelopmentRequirementsEngineeringLaboratory
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRMatt Stubbs
 
Organizing Master Data Management
Organizing Master Data ManagementOrganizing Master Data Management
Organizing Master Data ManagementBoris Otto
 
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...Codemotion
 
Witdom overview 2016
Witdom overview 2016Witdom overview 2016
Witdom overview 2016Elsa Prieto
 
e-SIDES workshop at EBDVF 2018, Vienna 14/11/2018
e-SIDES workshop at EBDVF 2018, Vienna 14/11/2018 e-SIDES workshop at EBDVF 2018, Vienna 14/11/2018
e-SIDES workshop at EBDVF 2018, Vienna 14/11/2018 e-SIDES.eu
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion
 

Semelhante a Privacy Data Protection for Engineers - PDP4E (20)

Mcis 2018 DEFeND Project
Mcis 2018 DEFeND Project Mcis 2018 DEFeND Project
Mcis 2018 DEFeND Project
 
20190423 PRiSE model to tackle data protection impact assessments and data pr...
20190423 PRiSE model to tackle data protection impact assessments and data pr...20190423 PRiSE model to tackle data protection impact assessments and data pr...
20190423 PRiSE model to tackle data protection impact assessments and data pr...
 
DEFeND Project Presentation - July 2018
DEFeND Project Presentation - July 2018DEFeND Project Presentation - July 2018
DEFeND Project Presentation - July 2018
 
Paris wp5 pd-pb_d_case_study
Paris wp5 pd-pb_d_case_studyParis wp5 pd-pb_d_case_study
Paris wp5 pd-pb_d_case_study
 
MRS Operations Network: GDPR - Organisational Measures
MRS Operations Network: GDPR - Organisational MeasuresMRS Operations Network: GDPR - Organisational Measures
MRS Operations Network: GDPR - Organisational Measures
 
Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...Toreon adding privacy by design in secure application development oss18 v20...
Toreon adding privacy by design in secure application development oss18 v20...
 
Design Principles and a Software Reference Architecture for Big Data Question...
Design Principles and a Software Reference Architecture for Big Data Question...Design Principles and a Software Reference Architecture for Big Data Question...
Design Principles and a Software Reference Architecture for Big Data Question...
 
DATA SCIENCE METHODOLOGY FOR CYBERSECURITY PROJECTS
DATA SCIENCE METHODOLOGY FOR CYBERSECURITY PROJECTS DATA SCIENCE METHODOLOGY FOR CYBERSECURITY PROJECTS
DATA SCIENCE METHODOLOGY FOR CYBERSECURITY PROJECTS
 
DPO Circle 2018
DPO Circle 2018 DPO Circle 2018
DPO Circle 2018
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdf
 
Wp5 overall approach_3-pd_pbdmodules_v4
Wp5 overall approach_3-pd_pbdmodules_v4Wp5 overall approach_3-pd_pbdmodules_v4
Wp5 overall approach_3-pd_pbdmodules_v4
 
Big Data: Privacy and Security Aspects
Big Data: Privacy and Security AspectsBig Data: Privacy and Security Aspects
Big Data: Privacy and Security Aspects
 
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah HurleyCedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
Cedar Day 2018 - Is Your PeopleSoft Ready for the GDPR - Sarah Hurley
 
Privacy Requirements Engineering in Agile Software Development
Privacy Requirements Engineering in Agile Software DevelopmentPrivacy Requirements Engineering in Agile Software Development
Privacy Requirements Engineering in Agile Software Development
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPR
 
Organizing Master Data Management
Organizing Master Data ManagementOrganizing Master Data Management
Organizing Master Data Management
 
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...
 
Witdom overview 2016
Witdom overview 2016Witdom overview 2016
Witdom overview 2016
 
e-SIDES workshop at EBDVF 2018, Vienna 14/11/2018
e-SIDES workshop at EBDVF 2018, Vienna 14/11/2018 e-SIDES workshop at EBDVF 2018, Vienna 14/11/2018
e-SIDES workshop at EBDVF 2018, Vienna 14/11/2018
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event
 

Último

computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction managementMariconPadriquez1
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvLewisJB
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfROCENODodongVILLACER
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort servicejennyeacort
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.eptoze12
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfme23b1001
 
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncWhy does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncssuser2ae721
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidNikhilNagaraju
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxPoojaBan
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxPurva Nikam
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Satyam Kumar
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleAlluxio, Inc.
 
Comparative Analysis of Text Summarization Techniques
Comparative Analysis of Text Summarization TechniquesComparative Analysis of Text Summarization Techniques
Comparative Analysis of Text Summarization Techniquesugginaramesh
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxKartikeyaDwivedi3
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfAsst.prof M.Gokilavani
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxk795866
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 

Último (20)

computer application and construction management
computer application and construction managementcomputer application and construction management
computer application and construction management
 
Work Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvvWork Experience-Dalton Park.pptxfvvvvvvv
Work Experience-Dalton Park.pptxfvvvvvvv
 
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
young call girls in Rajiv Chowk🔝 9953056974 🔝 Delhi escort Service
 
Risk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdfRisk Assessment For Installation of Drainage Pipes.pdf
Risk Assessment For Installation of Drainage Pipes.pdf
 
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort serviceGurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
Gurgaon ✡️9711147426✨Call In girls Gurgaon Sector 51 escort service
 
Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.Oxy acetylene welding presentation note.
Oxy acetylene welding presentation note.
 
Electronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdfElectronically Controlled suspensions system .pdf
Electronically Controlled suspensions system .pdf
 
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
🔝9953056974🔝!!-YOUNG call girls in Rajendra Nagar Escort rvice Shot 2000 nigh...
 
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsyncWhy does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
Why does (not) Kafka need fsync: Eliminating tail latency spikes caused by fsync
 
main PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfidmain PPT.pptx of girls hostel security using rfid
main PPT.pptx of girls hostel security using rfid
 
Heart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptxHeart Disease Prediction using machine learning.pptx
Heart Disease Prediction using machine learning.pptx
 
An introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptxAn introduction to Semiconductor and its types.pptx
An introduction to Semiconductor and its types.pptx
 
Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .Churning of Butter, Factors affecting .
Churning of Butter, Factors affecting .
 
Correctly Loading Incremental Data at Scale
Correctly Loading Incremental Data at ScaleCorrectly Loading Incremental Data at Scale
Correctly Loading Incremental Data at Scale
 
Comparative Analysis of Text Summarization Techniques
Comparative Analysis of Text Summarization TechniquesComparative Analysis of Text Summarization Techniques
Comparative Analysis of Text Summarization Techniques
 
POWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examplesPOWER SYSTEMS-1 Complete notes examples
POWER SYSTEMS-1 Complete notes examples
 
Concrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptxConcrete Mix Design - IS 10262-2019 - .pptx
Concrete Mix Design - IS 10262-2019 - .pptx
 
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdfCCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
CCS355 Neural Network & Deep Learning UNIT III notes and Question bank .pdf
 
Introduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptxIntroduction-To-Agricultural-Surveillance-Rover.pptx
Introduction-To-Agricultural-Surveillance-Rover.pptx
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 

Privacy Data Protection for Engineers - PDP4E

  • 1. PDP4E Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering Project Official Presentation Coordinator: Trialog (Antonio Kung) Scientific&Technical leader: UPM (Yod Samuel Martin) 3 Jul 2018 PDP4E Official PDP4E H2020 Program
  • 2. PDP4E Outcome  Mission & Consortium  Objectives  Context  Challenge of GDPR  What engineers get  What engineers need  Contribution  Risk Management  Requirements Engineering  Model-driven Design  Assurance  Method Engineering  Implementation  WorkPlan  Milestones  Validation, demonstration and exploitation 3 Jul 2018 PDP4E Official PDP4E
  • 3. PDP4E Mission & Consortium  Mission: provide methods and software tools to  systematically apply data protection principles  And comply with the General Data Protection Regulation (GDPR)  Partners  Trialog (FR)  UPM (ES)  Eclipse foundation (DE)  CEA (FR)  CA (ES)  Tecnalia (ES)  KU Leuven (BE)  U.Duisburg-Essen (DE) 3 Jul 2018 PDP4E Official PDP4E
  • 4. PDP4E Objectives  O1: Privacy by design and data protection in existing mainstream software and system engineering tools  risk management (MUSA DST)  requirements management (Papyrus 4 Req)  design and modelling (Papyrus)  assurance (OpenCert)  O2: Privacy by design and data protection activities in existing mainstream software and system engineering methods  LINDDUN, PRIPARE, PROPAN, UML4PF  ISO 15288, OASIS PMRM, ISO 29134, ISO 27550 3 Jul 2018 PDP4E Official PDP4E
  • 5. PDP4E Objectives  O3: Knowledge repositories  operational data protection requirements  data protection risks, threats and solutions  privacy patterns  assurance reference frameworks  O4: Fostering mainstream tools  Open source toolset EPL (Eclipse Public License)  Adaptability, flexibility and interoperability of PDP4E toolset  MDE approach  standard interchange formats 3 Jul 2018 PDP4E Official PDP4E
  • 6. PDP4E Objectives  O5: Increase privacy and data protection engineering practice  IPEN  Creation of an Alliance for Privacy and Data Protection Engineering  Standardisation  O6: Two demonstration pilots  Fintech applications and services  Big data on smart grid 3 Jul 2018 PDP4E Official PDP4E
  • 7. PDP4E CONTEXT: GDPR Challenge  What engineers get… 3 Jul 2018 PDP4E Official PDP4E  What engineers want…
  • 8. PDP4E CONTEXT: What engineers need  Endow engineers with privacy and data protection tools aligned to their mindset 3 Jul 2018 PDP4E Official PDP4E Software and Systems Engineering Disciplines Existent Privacy & Data Protection Methods Privacy and Data Protection Engineering Methods and Tools  Engineers are not privacy experts, yet they will face privacy issues (even if they may get expert advice)  Privacy adoption entails for methods and tools integrated within the large heritage of software & systems engineering 1. Seamlessly include privacy into software & system engineering tools 2. Integrate privacy activities into the SDLC stages 3. Provide a readily available body of knowledge with existent wisdom 4. Foster a community of privacy engineering
  • 9. PDP4E CONTEXT: What engineers need  Endow engineers with privacy and data protection tools aligned to their mindset 3 Jul 2018 PDP4E Official PDP4E Software and Systems Engineering Disciplines Existent Privacy & Data Protection Methods Privacy and Data Protection Engineering Methods and Tools Metamodels Knowledge Bases Smart grid demonstrator Fintech demonstrator Requirements engineering Risk management Model-driven design Assurance and certification TRL6 TRL7Byproducts
  • 10. PDP4E CONTRIBUTION: Risk Management 3 Jul 2018 PDP4E Official PDP4E Methods & tools for PDP Risk Management Support execution of (D)PIAs • Identify personal data categories • Identify threats • Estimate risk factors • Evaluate and prioritize risks • Address risks: choice of controls, countermeasures, PETs • Document risks and risk management Multilateral security risk management • Security impact analysis • Derived business risks • Compensations and fines • Vendor Relationship Management Identify, assess, evaluate and mitigate risks for the data subjects. Knowledge base of threats and countermeasures. Data protection impact assessments (art. 35, besides WP29 guidelines on DPIA⇗, rec. 84, 89-93) from an engineering perspective, including the determination of a need for a DPIA, the identification of threats, their likelihood and impact; the elicitation of mitigation countermeasures, etc. Mapping between privacy and security risk assessments. Security impact assessment (art. 32.2.) Impact analysis for the business. Right to compensation and liability (art. 82), conditions for administrative fines (art. 83).
  • 11. PDP4E CONTRIBUTION: from Requirements Engineering 3 Jul 2018 PDP4E Official PDP4E Methods & tools for PDP Requirements Engineering Requirements elicitation: • Regulations (GDPR): principles, rights, obligations, measures • Standards (ISO29100) • Privacy goals and properties Techniques • Problem-frame based techniques • Operationalization process • Privacy patterns Model-based methods and tools to specify regulatory constraints and privacy principles, and operationalize them into solution-oriented requirements (privacy controls). Requirements management, analysis, traceability and validation. Knowledge base of data protection and privacy requirements and controls. Principles relating to processing of personal data (Chapter 2), rights of the data subject (Chapter 3), obligations and responsibility of controllers and processors (Chapter 4, esp. art. 24 – 34) including technical and organisational measures (art. 24) and security (art. 32.1, especially par. d about assessment) [All these sections establish requirements with technical impact that need to be operationalized]. Requirements may also be derived from WP29/EDPB guidance (art. 70), codes of conduct (art. 40, 41), certifications (art. 42), binding corporate rules (art. 47) and derogations and exemptions anticipated by GDPR (art. 9.4, art. 49, Chapter 10, etc.)
  • 12. PDP4E CONTRIBUTION: from Model-Driven Design 3 Jul 2018 PDP4E Official PDP4E Methods & tools for PDP Model- Driven Design Data mapping and inventory Enriched models •structural (categories and properties) •behavioural (processing activities) •architectural (deployment) Architectural analysis and strategies •Minimization •Separation •Aggregation Model-based Testing Elicitation of personal information categories stored in legacy data sources. Annotation of system models with information regarding personal data (data models), processing activities (process models) and processing location (component models) Identify processing of personal data subject to GDPR according to subject matter (art. 1), material scope (art. 2) and definitions (art.4). Prerequisite to provide engineering support to user rights especially right of access (art. 15), rectification (art. 16), right to be forgotten (art. 17) and data portability (Art 20, also aligned to the respective WP29 opinion⇗); and data protection principles esp. lawfulness (art. 6-15), purpose limitation (art. 5.1.b, 6, 14) and accuracy (art. 5.1.d). Prerequisite to provide engineering support to restrictions of processing (art. 18, art.58.2.f), right to object (art. 21), and constraints to right to erasure (art. 17) and data portability (art. 20). Analysis of annotated system models against the alignment to privacy and data protection principles, regulations and strategies; and transformation of those models when possible so as to comply with or apply such principles. Principles of data minimisation (art. 5.1.c), pseudonymisation (art.4.5, art. 25), and confidentiality (art. 5.1.f), and controls for those aims (art. 25, art. 32). Minimisation in relation to the assessment of necessity and proportionality (art. 35.7.b). Obligations of processors (art. 28) and international transfers (art. 45, 46, 47, 49).
  • 13. PDP4E CONTRIBUTION: from Assurance 3 Jul 2018 PDP4E Official PDP4E Methods & tools for PDP Assurance Reusable models • Processing activities • Protection activities Regulatory framework model • People: roles • Processes and activities • Product formal requirements) Demonstrate compliance • Capture evidence • Associate to reqs and artefacts • Trace to regulation • Argument compliance Supports • Accountability • Transparency • Intervenability • Certification Assurance process to demonstrate compliance with data protection regulation. Principle of accountability (art. 5.2), and principle of transparency (art. 5.1.a, art. 12). Record of evidence of technical and organisational measures (art. 24, art. 32, art. 28.3.c), especially assessment of the effectiveness of measures (art 32.1.d) Record of evidence of data protection impact assessment results (art. 35), of measures envisaged (art. 35.7.d) and impact of evidence changes (art. 35.11). Assistance of processors to demonstrate compliance (art. 28.3) Certification (art. 42). Adherence to codes of conduct and certifications as proof of compliance (art 24.3, 25.3, 28.5, 28.6, 32.3). Records of processing activities (art. 30) and specially measures taken (art. 30.1.g, 30.2.d). Metamodels for data- protection regulatory framework and their interpretations and knowledge base (including model for GDPR and WP29/EDBP guidance) Vocabulary to model GDPR general provisions (Chapter 1); models of processes and constraints established throughout GDPR; data protection policies (Art. 24.2). Interpretation in the form of WP29/EDPB guidance (art.70), and derogations and exemptions (art. 49, Ch. 10) Co-regulation methods expected by GDPR: codes of conduct (art. 40, 41), certification (art. 42), binding corporate rules (art. 47).
  • 14. PDP4E CONTRIBUTION: from Method Engineering 3 Jul 2018 PDP4E Official PDP4E PDP Method engineering Privacy Method Engineering • Putting it all together • Dependencies between one another • Methodologies and method fragments: work products, roles, tools, tasks, activities, processes • Activities: management, analysis, design, implementation, testing, deployment, operation, maintenance, and disposal Adaptability • Development methodologies or SDLC • Software engineering tools • Regulations (WP29/EDPB guidance, codes of conduct, derogations, non- EU…) Inherent toolset flexibility • Modularity and loose coupling • MDE and metamodelling • Evolving knowledge base • Flexible background tools • Open-source distribution • Flexible methodology
  • 15. PDP4E Implementation: WorkPlan 3 Jul 2018 PDP4E Official PDP4E WP2: Specification and architecture of methodsand tools for Data Protection Engineering WP7: Validation, demonstration and exploitation WP1: Project management and governance WP8: Dissemination, communication and liaison Development of methods and tools for Data Protection EngineeringDevelopment of methods and tools for Data Protection Engineering WP5: Methodsand tools for data protection model-driven design WP6: Methodsand tools for data protection assurance WP4: Methodsand tools for data protection requirem. engineering WP3: Methodsand tools for data protection risk management
  • 16. PDP4E 3 May 2018 - Kickoff meeting PDP4E Madrid PDP4E
  • 17. PDP4E Implementation: Milestones 3 Jul 2018 PDP4E Official PDP4E No. Name Related WP(s) Due date MS1 Multi-stakeholder specification available WP2 M5 MS2 Architecture and design of tools finalised WP2-3-4-5-6 M10 MS3 First release of tools and methods ready for the pilots WP3-4-5-6 M16 MS4 First user validation WP7 M18 MS5 Final release of tools and methods WP3-4-5-6 M30 MS6 Final validation and demonstration WP7 M33
  • 18. PDP4E Validation, demonstration and exploitation 3 Jul 2018 PDP4E Official PDP4E Alliance for Privacy and Data Protection Engineering Requirements capture and validation • Developers • End-users • Legal Demonstration pilots • Fintech pilot • Smart-grid pilot Legal End-users Developpers Legal End-users Developpers
  • 19. PDP4E Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering For more information, visit: www.pdp4e-project.eu Thanks for your attention Questions? Coordinator Antonio Kung (Trialog) Antonio.kung@trialog.com 3 Jul 2018 PDP4E Official PDP4E