Descrizione del progetto
Garantire la conformità al GDPR promuovendo l’innovazione
Oggi le organizzazioni si trovano ad affrontare numerose sfide associate alla necessità di garantire la conformità al regolamento generale sulla protezione dei dati (GDPR). Il progetto BPR4GDPR, finanziato dall’UE, fornisce un quadro versatile adattato a varie scale e domini applicativi che fornisce una serie di strumenti conformi ai requisiti del GDPR. Il progetto, fondato su una base semantica e implementato sul cloud, utilizza modelli di processo espressi attraverso un metamodello di conformità in grado di acquisire le disposizioni avanzate in materia di privacy. Un potente quadro politico assicura la verifica e la trasformazione automatica dei modelli, rendendoli inerentemente sensibili alla privacy. Sfruttando la tecnica del process mining, la soluzione verifica la conformità e migliora i modelli nel corso del tempo. Affrontando in modo completo le sfide legate al GDPR, il progetto offre strumenti per supportare la conformità a tale regolamento, la rendicontazione, la gestione dei dati e il miglioramento della privacy.
Obiettivo
The goal of BPR4GDPR is to provide a holistic framework able to support end-to-end GDPR-compliant intra- and inter-organisational ICT-enabled processes at various scales, while also being generic enough, fulfilling operational requirements covering diverse application domains. To this end, proposed solutions will have a strong semantic foundation and cover the full process lifecycle addressing major challenges and priorities posed by the regulation, including requirements interpretation, broad territorial scope, accountability, security means enforcement, data subject’s rights and consent, unified data view and processing actions inventory, privacy by design, etc.
The starting point will be process models, either automatically discovered through organisation logs or manually specified, formally expressed through a Compliance Metamodel, a comprehensive process modelling technology able to capture advanced privacy provisions. Thereupon, a highly expressive policy framework will guide the automatic verification of these models regarding GDPR requirements, and their subsequent transformation, so that they are rendered inherently privacy-aware before being deployed for execution. Subsequently, the consistent execution of GDPR-compliant processes will be ensured by a comprehensive set of tools able to support all diverging requirements that may arise from GDPR, related to data handling, data subjects’ involvement, various PETs, etc., so that even organisations with currently no such infrastructure in place can readily have such mechanisms. Finally, process mining will be extensively used for the ex post analysis of processes, in order to ensure that specified policies are indeed enforced. However, apart from verifying compliance, such techniques will offer the added value of automatically improving process models over time towards optimised fulfillment of both legal and business requirements.
Deployed on the Cloud, BPR4GDPR will provide for Compliance-as-a-Service (CaaS)
Campo scientifico
- natural sciencescomputer and information sciencesknowledge engineeringontology
- natural sciencescomputer and information sciencescomputer securitydata protection
- social scienceseconomics and businessbusiness and managementbusiness models
- social scienceseconomics and businesseconomicssustainable economy
- social scienceslaw
Programma(i)
Invito a presentare proposte
Vedi altri progetti per questo bandoBando secondario
H2020-DS-SC7-2017
Meccanismo di finanziamento
IA - Innovation actionCoordinatore
76131 Karlsruhe
Germania