Although the market is full of companies offering their services and tools for GDPR compliance, such solutions are mostly focused on providing generic approaches and frameworks that allow organisations to evaluate their current GDPR readiness level and propose some generic guidelines for moving towards compliance. They do not, however, provide specific methods, techniques and tools to tackle the above challenges. As a result, the above challenges remain. It is therefore important to develop, as indicated in the Call, “tools and methods to assist organisations to implement GDPR….” and to ensure that such methods and tools focus on solving the challenges that prevent organisations from achieving GDPR compliance, while also supporting continuous compliance.
The main aim of the DEFeND project is to deliver an innovative data privacy governance platform, which will facilitate scoping and processing of data and data breach management and will support organisations towards GDPR compliance.
To achieve the above aim, the project focuses on providing a realistic and useful solution that deals with the main research challenges mentioned above, through 7 objectives.
• Objective 1. Design and development of a successful, market-oriented platform to support organisations towards GDPR compliance.
• Objective 2. Develop a modular solution that covers different aspects of the GDPR.
• Objective 3. Automated methods and techniques to elicit, map and analyse data that organisations hold for individuals
• Objective 4. Advanced modelling languages and methodologies for privacy-by-design and data protection management
• Objective 5. Specification, management and enforcement of Personal Data Consent.
• Objective 6. Integrated encryption and anonymization solutions for GDPR.
• Objective 7. Deployment and validation of the DEFeND platform in real operational environments.
The project is directly linked to GDPR and the privacy of European Citizens’ personal data. DEFeND is a unique attempt to combine privacy-related technological solutions coming from different research disciplines (privacy engineering, privacy requirements engineering, and policy enforcement and monitoring) to create a solution that provides organisations with privacy management support from requirements to implementation to enforcement and monitoring. This combination ensures that organisations which hold European Citizens’ data use state-of-the-art privacy technologies and have privacy measures in place to increase EU citizens’ data privacy protection.
During this period, five of the seven work-packages were active. WP1 Management, in addition to administrative, financial and project management activities, is in charge of the Ethics Committee and of the Security Advisory Board.
WP2, on requirements analysis and platform architecture specification, started in M1 and ended together with this reporting period in M12. It is the main technical work-package running in this period, in charge of the specification and analysis of the requirements of the DEFeND platform, the definition of the platform architecture and the specification of the Pilot scenarios to test and validate the platform. WP2 produced four deliverables during the period: D2.1, D2.2, D2.3 and D2.4.
WP3, on development of the DEFeND platform services, started in M9 and will remain active during the second period. No deliverables have been produced during this period.
WP6, dissemination, communication and exploitation activities, will remain active until the end of the project. This work-package has produced two deliverables during this period: D6.1 and D6.2.
Finally, WP7, on Ethics requirements, started in M1 and will remain active until the end of the project. During this reporting period, WP7 has produced two deliverables: D7.3 and D7.4. As part of the work conducted in this work-package, an external independent Ethics Advisor was appointed for the project, who will monitor and review the project activities to ensure compliance with the Ethics requirements.
After one year, the project has achieved the following milestones:
- Complete elicitation, specification, prioritization and analysis of the DEFeND Platform requirements from different perspectives: compliance and legal, privacy and security and stakeholders’ functional and non-functional.
- Design of the reference DEFeND Platform architecture. This reference architecture specifies the main building blocks and their functionalities, the governance structure, the communication approach with the different interfaces offered for internal and external communication. The architecture establishes baseline principles that allow for the implementation of the DEFeND services, the orchestration of the components and the development of communication mechanisms for a seamless integration of the partners’ tools into a platform that fulfils the requirements specified in the previous stage.
- Initial description of pilot scenarios that will allow us to validate the DEFeND approach in four different stakeholders’ domains: Public Administration (Municipality of Peshtera), Banking (Abi Lab), Healthcare (Fundación Hospital Universitario Niño Jesús) and Energy & Utilities (GridPocket).
- Definition of the dissemination and communication strategy for the project, which identifies the target audience, the means and the channels to use to guarantee an effective and continuous communication of the project progress and results, maximising impact. The project set up the main communication channels (i.e. project website, social network profiles), developed marketing material, prepared public project presentations for academic and industrial events and submitted various scientific papers to create awareness about the project advances.
- The exploitation activities kicked off with an initial market/competitor analysis, the identification of potential exploitable results and the development of a draft business plan.
The DEFeND project is on target to achieve its expected progress beyond the state of the art as identified in the DoA. In particular:
• Advancement of the state of the art in Privacy-by-Design by helping organisations to implement a privacy management approach that takes into account the PbD principles, enabling them to (re)design their processes with respect to their privacy requirements, at an operational level. Initial work towards this progress has been made by eliciting and analysing requirements for the DEFeND platform that will support its ambitious privacy-by-design focus.
• Advancement of the state of the art in Consent Management. DEFeND approaches consent management in a holistic way, aiming to deliver a Privacy Data Consent (PDC) to users which will act as a contract between the data controller and the data subject, encapsulating all the necessary information regarding consent to the processing of their personal data.
• Advancement of the state of the art in data breach management by providing an in-depth organisational analysis for the identification of the information being handled, and the privacy and security requirements.
• Advancement of the state of the art in Data Protection Impact Assessment by providing an in-depth processing analysis based on a structured visual methodology. This analysis will be performed through an easy, user-friendly interface and will not require specific knowledge or expertise in security and/or risk analysis.
More info: http://www.defendproject.eu.