
Antonio kung - pdp4e privacy engineering oxford sept 9 - v2


Presentation PDP4E, from GDPR to Privacy engineering, privacy by Design.

Published in: Engineering


  1. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering. Model-driven Engineering for Privacy. Antonio Kung (Trialog). Data protection in real-time. Transforming privacy law into practice. Oxford – Sept 9th, 2019. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787034. 09/09/2019 Data protection in real-time. Transforming privacy law into practice. Slide 1
  2. From GDPR to Engineering
  3. Privacy Engineering. Software and System Engineering Practice Viewpoint: Integration of privacy concerns. Software and Systems Engineering Disciplines; Existent Privacy & Data Protection Methods
  4. Privacy Engineering Guidelines. Software and System Engineering Practice Viewpoint: Integration of privacy concerns / Guidance. Software and Systems Engineering Disciplines; Existent Privacy & Data Protection Methods. Guidance: OASIS PMRM, ISO/IEC 27550, ISO 31700
  5. Privacy Engineering Methods and Tools. Software and System Engineering Practice Viewpoint: Integration of privacy concerns / Guidance. Engineering workproducts represented by “models”. Software and Systems Engineering Disciplines; Existent Privacy & Data Protection Methods; Privacy and Data Protection Engineering Methods and Tools
  6. Model engineering and Model-driven engineering. Model engineering: constructing proportionally-scaled miniature working representations of full-sized machines. Model driven engineering: expressing specifications through processable models. Diagram orientation (e.g. UML diagrams)
  7. What Model-driven Engineering is about. Process; Input work products; Output work products; Knowledge; Capability
  8. Example: Risk Management. Risk management process; Description of system; Description of risk sources and of consequences; Knowledge; Capability; Regulation; Threat Repository; Methodology
  9. Privacy Engineering: Four Main Processes. Model driven design; Requirements engineering; Assurance and certification; Risk management
  10. PDP 4E Contribution. Model driven design; Requirements engineering; Assurance and certification; Risk management; Smart grid use case; Connected vehicle use case; Knowledge base; Meta models
  11. Privacy Engineering: Four Main Processes. System Models; Requirements; Threats, Controls…; Reqs., Controls…; Privacy Controls; Evidences; Risk Management; Model-Driven Design; Requirements Engineering; Assurance; Regulation, Ass. Patterns; Threats, Controls…; Reqs., Controls…; Patterns…
  12. Synergy Risk + Goal. Risk orientation: From threats to measures. Goal orientation: From principles to measures. Example of goals: Transparency; Empowerment; Consent. System Models; Risk Management; Model-Driven Design; Threats, Controls…; Patterns…
  13. 13. Assurance Assurance Verifying that systems meets specification Privacy assurance Sufficiency of measures (technical and organisational)  if measures do what they claim to do, then threats to assets are countered Correctness  Measures do what they claim to do 09/09/2019 Data protection in real-time. Transforming privacy law into practice Slide 13 Requirements Reqs., Controls…Privacy Controls Evidences Requirements Engineering Assurance Regulation, Ass. Patterns Reqs., Controls…
  14. Risk Management in PDP4E: MUSA (Beawre)
  15. Input to requirements engineering in PDP4E: Papyrus (CEA)
  16. Requirement engineering method in PDP4E: ProPAn (U. Duisburg). Requirement Information Deduction; ProPAn Artefacts; PDP Goal; Requirement Metamodel; Data Protection Principle; Hansen; Generation of Privacy Requirement Candidates; Semantic Template; Adjust Privacy Requirements; Validate Privacy Requirements; Requirement Information; Privacy Requirement Candidates; Adjusted Privacy Requirements; Validated Privacy Requirements; Method Step; External Input; Internal Input/output; P-DFD; ProPAn Taxonomy; PDP Metamodel; External Input (new); X
  17. Assurance in PDP4E: OpenCert (Tecnalia). Goal Structuring Notation (GSN) – a graphical argumentation notation
  18. Model-driven design in PDP4E: Papyrus (CEA). Personal data detector; Code verification and validation; Model transformation; Risk Management; Requirem. Engineering; Systems Assurance; System (Asset) models; Evidences (traceability, V&V…); Privacy Controls; Requirements (GDPR, ISO29100)
  19. Future work / Challenges. Complete toolset. Create a community and share: IPEN community (Internet Privacy Engineering Network): Share tools; Share models. Challenges: System of systems risk management; System of systems model driven design; System of systems requirements engineering; System of systems assurance
  20. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering. Thank you for your attention. Questions? For more information, visit: www.pdp4e-project.org. Contact points: Antonio Kung (Trialog) Antonio.kung@trialog.com; Yod Samuel Martín (UPM) ys.martin@upm.es
