TY - GEN
T1 - Using Models to Enable Compliance Checking against the GDPR
T2 - 22nd ACM/IEEE International Conference on Model Driven Engineering Languages and Systems, MODELS 2019
AU - Torre, Damiano
AU - Soltana, Ghanem
AU - Sabetzadeh, Mehrdad
AU - Briand, Lionel C.
AU - Auffinger, Yuri
AU - Goes, Peter
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/9
Y1 - 2019/9
AB - The General Data Protection Regulation (GDPR) harmonizes data privacy laws and regulations across Europe. Through the GDPR, individuals are able to better control their personal data in the face of new technological developments. While the GDPR is highly advantageous to individuals, complying with it poses major challenges for organizations that control or process personal data. Since no automated solution with broad industrial applicability currently exists for GDPR compliance checking, organizations have no choice but to perform costly manual audits to ensure compliance. In this paper, we share our experience building a UML representation of the GDPR as a first step towards the development of future automated methods for assessing compliance with the GDPR. Given that a concrete implementation of the GDPR is affected by the national laws of the EU member states, GDPR's expanding body of case law and other contextual information, we propose a two-tiered representation of the GDPR: a generic tier and a specialized tier. The generic tier captures the concepts and principles of the GDPR that apply to all contexts, whereas the specialized tier describes a specific tailoring of the generic tier to a given context, including the contextual variations that may impact the interpretation and application of the GDPR. We further present the challenges we faced in our modeling endeavor, the lessons we learned from it, and future directions for research.
KW - General Data Protection Regulation
KW - OCL
KW - Regulatory Compliance
KW - UML
UR - http://www.scopus.com/inward/record.url?scp=85076107479&partnerID=8YFLogxK
U2 - 10.1109/MODELS.2019.00-20
DO - 10.1109/MODELS.2019.00-20
M3 - Conference contribution
AN - SCOPUS:85076107479
T3 - Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019
SP - 1
EP - 11
BT - Proceedings - 2019 ACM/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems, MODELS 2019
A2 - Kessentini, Marouane
A2 - Yue, Tao
A2 - Pretschner, Alexander
A2 - Voss, Sebastian
A2 - Burgueno, Loli
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 15 September 2019 through 20 September 2019
ER -