Using Models to Enable Compliance Checking against the GDPR: An Experience Report

Damiano Torre, Ghanem Soltana, Mehrdad Sabetzadeh, Lionel C. Briand, Yuri Auffinger, Peter Goes

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

The General Data Protection Regulation (GDPR) harmonizes data privacy laws and regulations across Europe. Through the GDPR, individuals are able to better control their personal data in the face of new technological developments. While the GDPR is highly advantageous to individuals, complying with it poses major challenges for organizations that control or process personal data. Since no automated solution with broad industrial applicability currently exists for GDPR compliance checking, organizations have no choice but to perform costly manual audits to ensure compliance. In this paper, we share our experience building a UML representation of the GDPR as a first step towards the development of future automated methods for assessing compliance with the GDPR. Given that a concrete implementation of the GDPR is affected by the national laws of the EU member states, GDPR's expanding body of case law and other contextual information, we propose a two-tiered representation of the GDPR: a generic tier and a specialized tier. The generic tier captures the concepts and principles of the GDPR that apply to all contexts, whereas the specialized tier describes a specific tailoring of the generic tier to a given context, including the contextual variations that may impact the interpretation and application of the GDPR. We further present the challenges we faced in our modeling endeavor, the lessons we learned from it, and future directions for research.

Original languageEnglish
Title of host publicationProceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019
EditorsMarouane Kessentini, Tao Yue, Tao Yue, Alexander Pretschner, Sebastian Voss, Loli Burgueno, Loli Burgueno
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1-11
Number of pages11
ISBN (Electronic)9781728125350
DOIs
Publication statusPublished - Sep 2019
Externally publishedYes
Event22nd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, MODELS 2019 - Munich, Germany
Duration: 15 Sep 201920 Sep 2019

Publication series

NameProceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019

Conference

Conference22nd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, MODELS 2019
Country/TerritoryGermany
CityMunich
Period15/09/1920/09/19

Keywords

  • General Data Protection Regulation
  • OCL
  • Regulatory Compliance
  • UML

Fingerprint

Dive into the research topics of 'Using Models to Enable Compliance Checking against the GDPR: An Experience Report'. Together they form a unique fingerprint.

Cite this