Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
GDPR Data Interoperability Model
Harshvardhan Pandit, Declan O’Sullivan,
Dave Lewis
ADAPT Centre, Trinity College Dublin
T...
www.adaptcentre.ieKey GDPR Provisions
International reach: data about any
EU citizen
Fines upto €20M or 4% of global
turno...
www.adaptcentre.ieData Subject Rights
Right to:
Information “concise, transparent,
intelligible and easily accessible”
Mak...
www.adaptcentre.ieApproach
Role of entities
Information flows
Interoperability reference points
Major data categories
Map ...
www.adaptcentre.ie
Data Controller
GDPR Roles and Processes
Compliance
SharingProcessing
Monitor & Control
dataset
workf
l...
www.adaptcentre.ieGDPR Data Interoperability Reference Model
Supervisory
Authority
Function
Data Controller
Function
Data ...
www.adaptcentre.ieInteroperability between Entitites
Entities
DS - Data Subject
DC - Data Controller
DP – Data Processor
S...
www.adaptcentre.ieMajor Interoperbility Data Categories
www.adaptcentre.ieW3C Open Data
• Open Data Standard for the
Web
• Resource Description
Framework
• Wide Adoption for Publ...
www.adaptcentre.ieOpen Science For GDPR Vocabularies
• Linkable RDF version of GDPR Text
• Consent Lifecycle Model
• Prove...
www.adaptcentre.ieConclusion & Futher Work
• Sufficient motivation for concerted efforts on GDPR interoperability
• Initia...
Upcoming SlideShare
Loading in …5
×

GDPR Data Interoperability Model

19 views

Published on

Conference paper
Harshvardhan J. Pandit, Declan O'Sullivan, Dave Lewis.
23rd EURAS Annual Standardisation Conference, Dublin, Ireland

Published in: Technology
  • Be the first to comment

  • Be the first to like this

GDPR Data Interoperability Model

  1. 1. GDPR Data Interoperability Model Harshvardhan Pandit, Declan O’Sullivan, Dave Lewis ADAPT Centre, Trinity College Dublin The ADAPT Centre is funded under the SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund.
  2. 2. www.adaptcentre.ieKey GDPR Provisions International reach: data about any EU citizen Fines upto €20M or 4% of global turnover Must Demonstrate compliance Processing lawful only through Informed Consent
  3. 3. www.adaptcentre.ieData Subject Rights Right to: Information “concise, transparent, intelligible and easily accessible” Make a subject access request Rectification Erasure Data portability Restrict access Object to processing Be inform who receives data
  4. 4. www.adaptcentre.ieApproach Role of entities Information flows Interoperability reference points Major data categories Map into Open Data models
  5. 5. www.adaptcentre.ie Data Controller GDPR Roles and Processes Compliance SharingProcessing Monitor & Control dataset workf lowworkf lowworkf low Third Party Data Controller Or Data Processor data rights Data Subject rights data Supervisory Authority complaints
  6. 6. www.adaptcentre.ieGDPR Data Interoperability Reference Model Supervisory Authority Function Data Controller Function Data Processor Function Data Management Function Data Subject Function DS-DP DS-DM DP-DM DP-DP DC-DP DS-DC DC-DCSA-DC DS-SA SA-SA DC-DM
  7. 7. www.adaptcentre.ieInteroperability between Entitites Entities DS - Data Subject DC - Data Controller DP – Data Processor SA – Supervisory Authority Interaction Type REQ(quirement) PROC(ess) DATA FORMAT
  8. 8. www.adaptcentre.ieMajor Interoperbility Data Categories
  9. 9. www.adaptcentre.ieW3C Open Data • Open Data Standard for the Web • Resource Description Framework • Wide Adoption for Public Datasets • Conservative in standardisation - horizontal vocabularies • Liberal in community-driven development, extension and interlinking of data vocabularies • Enterprise Linked Data for internal knowledge graphs https://lod-cloud.net/
  10. 10. www.adaptcentre.ieOpen Science For GDPR Vocabularies • Linkable RDF version of GDPR Text • Consent Lifecycle Model • Provenance Ontology Profile for GDPR compliance logging • Data Protection Profile of Open Digital Rights Language • Traceability extendable to: decisions, policies, guidance, Privacy Seal requirements • RDF as a common format process and data models – R2RML for uplift • SPARQL Queries and SHACL Constraints for compliance checks https://openscience.adaptcentre.ie/projects
  11. 11. www.adaptcentre.ieConclusion & Futher Work • Sufficient motivation for concerted efforts on GDPR interoperability • Initial Framework for Interoperability Reference Points for GDPR compliance processes • Focus on meta-data rather than the actual personal data • Propose an open data approach – leverages existing open standards for provenance, cataloguing, queries, constraints, deontic rules • Initiated an open science approach to fine-grained tracking of proposals against GDPR provisions and other regulatory/policy sources • Future Work: • Alignment with emerging open data research on data quality and data value • Standardisation avenues: W3C community group, ISO/IEC JTC1 SC42 “Trustworthy AI” study group

×