Catching up with BPR4GDPR: Helping businesses keep citizens’ personal data safe
Introduced in 2018, the EU’s General Data Protection Regulation offers citizens comprehensive protections for personal data, as well as simplifying the regulatory landscape for businesses. Nonetheless, achieving GDPR compliance remains a challenge, especially for small businesses with limited resources and expertise. The BPR4GDPR (Business Process Re-engineering and functional toolkit for GDPR compliance) project brought together 11 organisations from across Europe to build tools that could help SMEs meet their data privacy obligations. The GDPR landscape has continued to evolve over the years, with a greater awareness of the rules among consumers and industry, and an increased level of resources spent on compliance. “Whereas the core of BPR4GDPR solutions has not been altered, some alignment was deemed necessary,” says George Lioudakis, BPR4GDPR Policy Framework leader and co-founder of project partner ICT abovo. Lioudakis says key issues included the adaptation of the information models to incorporate additional concepts, the specification of appropriate process models to handle emerging situations, as well as a comprehensive viewpoint on the data subjects’ rights. He adds: “Usability aspects have emerged as an important challenge, which was investigated during the project and is currently being further elaborated.”
Market solutions
Over the course of the project, which concluded in April 2021, BPR4GDPR trialled three distinct GDPR use cases covering a governmental healthcare setting, a network of car dealerships, and real estate agencies using cloud-based services. “An extensive regulatory analysis showed that BPR4GDPR delivered a tool portfolio that supports compliance with the crucial obligations set forth by the GDPR,” notes project coordinator Spiros Alexakis from CAS Software. “Data subjects’ rights, security, privacy by design and by default, accountability obligations can all be improved by the use of BPR4GDPR tools.” Commercial tools from CAS Software and ICT abovo are anticipated to be released before the end of this year. CAS Software results will be released as an additional module of their CRM software SmartWe. The academic findings of the project have already been released as an open-source resource. Individual assets generated by BPR4GDPR partners are also being combined into commercial ‘feature sets’. These include a process model re-engineering framework and authorisation engine for GDPR compliance, a user-centred GDPR compliance toolkit, and analysis tools for detecting risks and vulnerabilities. “Though all BPR4GDPR assets may be offered as standalone tools, a feature set is a larger, more complete application targeting specific needs of a customer,” explains Alexakis. Each feature set is expected to reach market maturity in around 12 months. Lioudakis credits the Horizon 2020 programme as instrumental to the project’s success, noting that EU funding allowed for the establishment of a strong collaboration across the breadth of Europe to tackle the challenges of online privacy and security, to the benefit of all EU citizens.
Keywords
BPR4GDPR, GDPR, data, privacy, personal, security, online, toolkit, compliance, assets