Periodic Reporting for period 1 - SMOOTH (GDPR Compliance Cloud Platform for Micro Enterprises)

Summary

SMOOTH aims to assist micro-enterprises to comply with key requirements of the GDPR by designing and implementing an easy-to-use and affordable cloud-based platform service. Due to their lack of data protection expertise and limited resources, micro-enterprises are particularly vulnerable in the implementation of the GDPR. By assisting these enterprises to adopt the GDPR, SMOOTH ultimately aims to safeguard citizens’ rights to data protection and privacy, protect micro-enterprises from the negative consequences of non-compliance and, by extension, benefit the European society.
In order to achieve the overarching objective, SMOOTH will develop advanced technologies for automatically assessing compliance with key elements of the GDPR commonly applying to micro-enterprises.
The technologies to be developed are:
- SMOOTEXT: Automated analysis of key text documents related to the protection of personal data: privacy policies, cookie notices, informed consent forms
- SMOODATA: Automated analysis of micro-enterprises’ (MEnts’) personal data repositories, to identify the presence of personal data, the type of data, and compliance with the data minimisation and storage limitation principles
- SMONLINE: Automated analysis of personal data collection and exploitation from websites and mobile apps

Work performed

The current reporting period falls into Phase I of the project, and the work carried out has focused on:
Requirements definition: An exhaustive set of the GDPR requirements impacting MEnts has been analysed by KUL, AEPD and DVI as SMOOTH legal experts. ESBA and FBOX, as MEnts representatives, have given feedback for compiling the functional requirements. The technical partners have translated the GDPR legal and functional requirements into technical requirements that have guided the design of the technical solution.
Design of the GDPR Interactive Handbook: An entry questionnaire has been designed that covers legal aspects and contextual information to improve the performance of the technical algorithms and software. It is intended to be used by people who are not GDPR experts. The work has been led by the legal partners and delivered in D2.2 First version of entry questionnaire and design of Interactive Handbook.
Design of the technological modules: For the three modules composing the platform, we have defined the technical requirements:
1. Text/data mining algorithms to analyse informative documents in the area of data protection, Deliverable D3.1 Design of algorithms for analysing GDPR elements and document complexity
2. Machine learning algorithms to identify personal data stored in MEnts data repositories, Deliverable D4.1 Design of methods for data ingestion, algorithms for personal data identification and privacy risks
3. Service to analyse MEnts websites and mobile apps, initial description in Deliverable D5.1 Design of website and mobile app analysis module

Final results

The main achievement for the current period has been the requirements definition. These requirements are the foundation for the technical work to be carried out to design and adapt all the technological modules and integrate them into the final cloud platform.
The requirements are classified into:
a. Legal requirements for MEnts: the most relevant GDPR and e-Privacy rules affecting MEnts’ processing activities have been extracted from the legal texts, and SMOOTH legal partners have given their opinions and guidance for designing the Entry Questionnaire. The legal requirements have been structured in blocks covering all the data protection principles, the rights of individuals, and controllers’ obligations on security of processing and notification of data breaches.
b. MEnts requirements for the SMOOTH Platform: MEnts have been consulted to provide useful insight on their current data processing activities and their GDPR readiness.
c. Technical requirements for the SMOOTH Platform: Technical partners have defined the tools and technologies to be used in each module.
d. Legal requirements for the SMOOTH Platform itself: Given that the platform is required to process personal data, the Consortium must ensure that data processing in the SMOOTH platform itself is done in a GDPR-compliant, secure and confidential manner. The legal partners have identified the specific obligations according to the legislative framework. Those obligations have been translated into a set of concrete legal requirements.
Design of GDPR Interactive Handbook: It has been designed to assist compliance of MEnts not specialised in the field of data protection. The main GDPR requirements having an impact on micro-enterprises have been listed and compiled, and during the next phase of the project they will be translated into the interactive tool, including the website and mobile application.
Design of SMOOTH platform: The initial version of the SMOOTH platform has been delivered in D6.1.
The ambition of SMOOTH is to become a reference project that provides a tool for data protection and ePrivacy management for MEnts and gives a clear push to wide GDPR adoption, increasing in parallel:
- trust and confidence in the Digital Single Market: SMOOTH is developing a set of practical tools to create GDPR awareness and assess compliance with the GDPR along with other data protection regulations. SMOOTH will push the adoption of the GDPR by MEnts, contributing directly to transparency on the use of citizens’ data. The adoption by these companies of measures to safeguard citizens’ personal data and implement transparency procedures will give their day-to-day customers and suppliers the now nearly non-existent trust in MEnts regarding the relevance of the personal data requested and how they will handle this data, and will put them on the same level of confidence as large corporations. This will result in a more level playing field in the Digital Single Market, where small actors are part of the solution and do not end up excluded due to their lack of knowledge, skills or resources. It will also clearly improve security on all internet services and remove one of the most important elements of citizens’ resistance to using online services from small and medium-sized companies.
- the extension of the adoption of privacy-by-design principles in ICT services and services: The platform was initially supposed to be available in English, Spanish and Latvian, but given the enormous interest shown by Italian organisations, the Consortium has decided that the platform will also support the Italian language. This fact, together with the API for extending it with third-party tools or others arising from new regulations, and the guidelines for extending it to other languages, provides MEnts across Europe with a single platform across all European countries to be used to assess and adopt the GDPR.
Also, thanks to its market validation, dissemination, standardization and outreach activiti

Website & more info

More info: https://smoothplatform.eu/.