This project has received funding from the European
Union’s Horizon 2020 research and innovation
programme under grant agreement No 787068.
Aggeliki Tsohou, Assistant Professor
Ionian University, Dept. of Informatics
The Mediterranean Conference on Information Systems (MCIS 2018)
30th September 2018
Outline
• The General Data Protection Regulation (GDPR): overview and history
• Challenges of GDPR compliance
• The DEFeND project and how it addresses (some) of the challenges:
  • Objectives
  • Architecture and Components
  • Management and Organization of work
The drivers of the GDPR regulation
• Need for modernization: new or advanced online services and technologies compared to the era in which the previous regulation's rules were introduced (e.g., social networks, location-based services, cloud computing, data processing and storage capabilities)
• Need to give individuals back control over their personal data
• Need to simplify the regulatory environment for business
• Unnecessary administrative requirements for businesses (e.g. notification to several data protection authorities) causing significant costs
Significant Milestones of the GDPR
• January 2012: the EU proposes a reform of the data protection rules to increase users' control of their data and to cut costs for businesses
• March 2014: the European Parliament approves the proposal for the new regulation (first reading)
• April 2016: the GDPR is announced
• May 2016: the GDPR enters into force
• May 2018: the GDPR applies
GDPR: Changes and Implications Compared to Directive 95/46/EC
• Extension of the data that fall under the categories of personal data and special categories of personal data
• Heavier responsibility and role for data controllers and processors
• Appointment of a Data Protection Officer
• Wider territorial scope
• Additional rights for data subjects
• Changes to the role of the data protection authorities
• Privacy by default and personal data impact assessment as core principles for the design of information systems
GDPR: Changes and Implications Compared to the Previous Regulation
And of course… higher penalties! Up to 20 000 000 EUR, or up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher.
(only some of the) Research Gaps and Opportunities
• Obtaining data subjects’ consent
• Ensuring data subjects’ rights (e.g., right to erasure, right to data portability)
• Ensuring personal data control
• Designing and implementing information systems that ensure privacy by design and by default
• Demonstrating compliance with GDPR
• Performing privacy impact assessment
Our Group’s Ongoing Research in Informed Consent and Privacy Awareness
• Tsohou, A. and Kosta, E. (2017), Enabling valid informed consent for location tracking through privacy awareness of users: A process theory, Computer Law & Security Review: The International Journal of Technology Law and Practice, Vol. 33, No. 4, pp. 434-457
• Soumelidou, K. and Tsohou, A., Effects of Privacy Policy Visualization on Users’ Information Privacy Awareness Level – The Case of Instagram, IT & People (under review)
• Paspatis, I., Tsohou, A. and Kokolakis, S. (2017), Mobile Application Privacy Risks: Viber Users’ De-Anonymization Using Public Data, 11th Mediterranean Conference on Information Systems, Genova, Italy, September 2017
• Paspatis, I., Tsohou, A. and Kokolakis, S. (2018), AppAware: A Model For Privacy Policy Visualization For Mobile Applications, 12th Mediterranean Conference on Information Systems, Corfu, Greece, September 2018
GDPR: CHALLENGES

7 KEY PRINCIPLES
• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimization
• Integrity and confidentiality
• Storage limitation
• Accuracy
• Accountability

ACCOUNTABILITY
• Contractual organization
• Privacy-by-design & Privacy-by-default
• Records of data processing activities
• Privacy Impact Assessments
• Data Protection Officer

RIGHTS OF INDIVIDUALS
• Information
• Access
• Rectification
• Erasure
• Restriction
• Portability
• Objection
• Automated decision-making / profiling
IMPLEMENTING PRIVACY BY DESIGN/PRIVACY ENGINEERING
Implement technical and organisational measures to show that the organisation has considered and integrated data protection compliance measures into its data processing activities.

DATA DE-IDENTIFICATION/ANONYMIZATION
Assess and implement anonymization and pseudonymization techniques, either to fall outside the scope of the GDPR or to comply with certain of its requirements.

MEETING REGULATORY REPORTING REQUIREMENTS
Set up methods to review compliance activities and keep records for internal and external reporting that demonstrate compliance (e.g. privacy notices and records of privacy-related escalation handling activities).

ADDRESSING INTERNATIONAL DATA TRANSFERS
Map international data flows and manage the mechanisms that allow transfer of data to non-EEA countries (BCRs, MCCs, Privacy Shield, etc.).

DEVELOPING A GDPR PRIVACY PLAN
Conduct a comprehensive assessment of the organisation's readiness for GDPR and develop a plan of action to reach compliance.

CREATING A THIRD PARTY MANAGEMENT PROGRAM
Manage third-party vendor risk and create policies, procedures and ongoing management to ensure third-party compliance and implementation of the necessary contractual arrangements.

MANAGING PRIVACY COMPLAINTS AND INDIVIDUAL RIGHTS
Develop processes and policies to respond to requests made by individuals (the right to information, but also the access, rectification, restriction, objection, erasure and portability rights).

MANAGING PRIVACY INCIDENTS AND BREACH NOTIFICATION
Review information security policies and breach handling incident response plans to comply with the strict formal reporting (notification) obligations.

CREATING DATA INVENTORY AND MAPS
Inventory processing activities and data flows, classified by data type, purpose and responsibilities.

CONDUCTING PRIVACY RISK ASSESSMENTS (PIAs/DPIAs)
Design and implement processes to conduct and manage PIAs/DPIAs and risk assessments across the organisation, based on legal and regulatory requirements.

OBTAINING AND MANAGING USER CONSENT
Develop processes to comply with the new consent requirements: consent must be ‘a statement or a clear affirmative action’ from the data subject and must be ‘freely given, specific, informed and unambiguous’.

SELECTION OF APPROPRIATE SECURITY TECHNICAL AND ORGANISATIONAL MEASURES
Implement physical, technical and administrative measures to keep personal data secure and confidential, through an adequate standard or certification.
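The de-identification card above names pseudonymisation and anonymisation as techniques without showing what separates them in practice. The following Python is an added example written for this page, not code from the DEFeND project: it replaces direct identifiers with keyed HMAC pseudonyms (records of one person can still be linked inside the dataset, but nobody without the key can recompute a token from an identifier), coarsens quasi-identifiers such as birth year and postcode, and drops every field the stated purpose does not need. The sample records, the key, the field names and the purpose label are all constructed for the example.

```python
import hmac
import hashlib
from typing import Dict, Iterable, List, Sequence

# Constructed sample records (fictional people) for a hypothetical support dataset.
SAMPLE_RECORDS: List[Dict[str, object]] = [
    {"customer_id": "C-1001", "email": "alice@example.com", "birth_year": 1987,
     "postcode": "SW1A 1AA", "ticket_text": "Cannot log in"},
    {"customer_id": "C-1002", "email": "bob@example.com", "birth_year": 1991,
     "postcode": "EC2V 7HN", "ticket_text": "Billing question"},
    {"customer_id": "C-1001", "email": "alice@example.com", "birth_year": 1987,
     "postcode": "SW1A 1AA", "ticket_text": "Login fixed, thanks"},
]

# Hypothetical secret. The controller keeps it apart from the pseudonymised data
# (e.g. in a key store); without it the tokens cannot be recomputed from identifiers.
PSEUDONYM_KEY = b"constructed-demo-key-not-for-production"

# Fields that identify a person on their own.
DIRECT_IDENTIFIERS = ("customer_id", "email")


def pseudonymise(value: str, key: bytes, purpose: str) -> str:
    """Keyed, deterministic pseudonym (HMAC-SHA256, truncated to 128 bits).

    Same value + key + purpose always gives the same token, so the records of
    one person stay linkable within a dataset. The purpose label is mixed in so
    tokens issued for one processing purpose do not line up with tokens issued
    for another, which supports purpose limitation.
    """
    msg = purpose.encode("utf-8") + b"\x00" + value.encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def generalise(record: Dict[str, object]) -> Dict[str, object]:
    """Coarsen quasi-identifiers that could single a person out when combined."""
    out = dict(record)
    if isinstance(out.get("birth_year"), int):
        decade = (out["birth_year"] // 10) * 10
        out["birth_decade"] = f"{decade}s"
        del out["birth_year"]
    if isinstance(out.get("postcode"), str):
        # Keep only the outward code (the part before the space).
        out["postcode_area"] = out["postcode"].split(" ")[0]
        del out["postcode"]
    return out


def process_dataset(records: Iterable[Dict[str, object]], key: bytes,
                    purpose: str, keep_fields: Sequence[str]) -> List[Dict[str, object]]:
    """Replace direct identifiers with pseudonyms, generalise quasi-identifiers,
    then drop every field not listed in keep_fields (data minimisation)."""
    keep = set(keep_fields)
    result = []
    for rec in records:
        rec = generalise(rec)
        out: Dict[str, object] = {}
        for field in DIRECT_IDENTIFIERS:
            if field in rec:
                out[field + "_pseudonym"] = pseudonymise(str(rec[field]), key, purpose)
        for field, value in rec.items():
            if field in keep and field not in DIRECT_IDENTIFIERS:
                out[field] = value
        result.append(out)
    return result


def contains_direct_identifiers(records: Iterable[Dict[str, object]]) -> bool:
    """Release check: no raw direct identifier may survive in the output."""
    return any(f in rec for rec in records for f in DIRECT_IDENTIFIERS)


if __name__ == "__main__":
    released = process_dataset(SAMPLE_RECORDS, PSEUDONYM_KEY, "support-analytics",
                               keep_fields=("birth_decade", "postcode_area", "ticket_text"))
    for row in released:
        print(row)
    print("direct identifiers present:", contains_direct_identifiers(released))
```

The two steps map onto the slide's two options. The pseudonymised output is still personal data under the GDPR (Article 4(5) defines pseudonymisation precisely because the key allows re-linking), so it only helps meet certain requirements; the generalised, minimised fields are what move a release towards falling outside the Regulation's scope. Keeping the key in a store separate from the dataset is what gives the pseudonyms their value.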
ORGANISATION
• START DATE: 1 July 2018
• CALL TOPIC: H2020-DS08-2017 Cybersecurity PPP: Privacy, Data Protection, Digital Identities
• DURATION: 30 months
• GRANT AMOUNT: EUR 2,737,300.00
OBJECTIVES
1. Design and development of a successful, market-oriented platform to support organizations towards GDPR compliance
2. Develop a modular solution that covers different aspects of the GDPR
3. Automated methods and techniques to elicit, map and analyze the data that organizations hold on individuals
4. Advanced modelling languages and methodologies for privacy-by-design and data protection management
5. Specification, management and enforcement of personal data consent
6. Integrated encryption and anonymization solutions for GDPR
7. Deployment and validation of the DEFeND platform in real operational environments
DEFeND PARADIGM
The Model-Driven Privacy Governance (MDPG) paradigm enables building (from an abstract to a concrete level) and analyzing privacy-related models following a Privacy-by-Design approach that spans two levels, the Planning Level and the Operational Level, and three management areas: Data Scope, Data Process and Data Breach.
DEFeND PLATFORM toward GDPR compliance
The platform's services are arranged along the two levels and three management areas of the MDPG paradigm; the GDPR articles addressed by each group of services are given in brackets.

PLANNING LEVEL
• Data Scope Management (DSM): Data flows; Identify data, assets; Identify accountability; Organisational information establishments (ART. 4, 5); Data Protection Impact Assessment (DPIA); Security and Privacy Threats; Privacy by Design; Data transparency, lawfulness, minimisation (ART. 4, 23, 25, 35)
• Data Process Management (DPM): Personal data consent (ART. 6, 7, 8, 13, 14); Data access rights (ART. 15); Security and privacy specification (ART. 24)
• Data Breach Management (DBM): Data Breach Plan Specification (ART. 34)

OPERATIONAL LEVEL
• Data Process Management (DPM): Security and Privacy Technologies (ART. 32); Privacy Data Consent Monitoring and Notification (ART. 19)
• Data Breach Management (DBM): Data breach Detection, Notification and Response (ART. 23, 33, 34, 36)
DEFeND ARCHITECTURE

DATA SCOPE MANAGEMENT (DSM)
• DATA ASSESSMENT COMPONENT (DAC): Organisation Data Collection; Assessment Translator; Data Assessment Model
• DATA PRIVACY ANALYSIS COMPONENT (DPAC): DPIA Analysis; Data Minimisation Analysis; Threat Analysis; Privacy by Design/Default; Data Privacy Model

DATA PROCESS MANAGEMENT (DPM)
• PRIVACY SPECIFICATION COMPONENT (PSC): Data Access Rights Analysis; Consent Analysis; Security/Privacy Specification Model; Privacy Data Consent (PDC) Model
• PRIVACY IMPLEMENTATION AND MONITORING COMPONENT (PIMC): Security/Privacy Technologies; Privacy Technologies Runtime; Privacy Data Consent Monitoring Notification

DATA BREACH MANAGEMENT (DBM)
• DATA BREACH COMPONENT (DBC): Data Breach Modelling and Analysis; Data breach Detection and Response; Data Breach Model
GDPR DASHBOARD

Users of the dashboard: DATA CONTROLLER-PROCESSOR, DATA SUBJECT, SUPERVISORY AUTHORITIES.

Dashboard back end (dashBoardBackEnd) services:
• GDPR Planning Service, made up of the Data Scope Management Service (DSM), the Data Process Management Service (DPM) and the Data Breach Management Service (DBM)
• GDPR Reporting Service

Platform components behind the services: Data Assessment Component (DAC); Data Privacy Analysis Component (DPAC); Privacy Specification Component (PSC); Privacy Implementation and Monitoring Component (PIMC); Data Breach Component (DBC).

Artefacts exchanged through the dashboard: Organisational Information; Data Assessment Model; Privacy Data Consent Model; Consent Preferences; Security/Privacy Specification Model; GDPR Readiness Report; GDPR Report; Breach Notification; GDPR Authorities Report.
WORK PLAN

WP1: PROJECT, QUALITY AND COMPLIANCE MANAGEMENT
• T1.1: Project Management
• T2.2: Quality and Innovation Management
• T2.3: Compliance and Ethics Management
• T1.4: Technical Management
• T1.5: Security Advisory Board

WP2: REQUIREMENTS AND ARCHITECTURE
• T2.1: Requirements and Specifications
• T2.2: Privacy and Compliance Requirements
• T2.3: Platform Architecture
• T2.4: Definition of pilots’ scenarios

WP3: DEVELOPMENT OF PLATFORM SERVICES
• T3.1: Data Scope Management
• T3.2: Data Process Management
• T3.3: Data Breach Management
• T4.4: Dashboard

WP4: INTEGRATION, DEPLOYMENT AND TESTING
• T4.1: Services’ integration
• T4.2: Security and Legal Compliance Audit
• T4.3: Platform Testing and Refinement

WP5: PILOTS PREPARATION AND EXECUTION
• T5.1: Pilots’ preparations
• T5.2: Pilots’ execution and evaluation
• T5.3: Pilots’ final demonstration

WP6: DISSEMINATION AND EXPLOITATION
• T6.1: Dissemination and public communication
• T6.2: Exploitation, Business and Commercialization
• T6.3: Training and Awareness
• T6.4: Projects and stakeholders networking
DEFeND PILOTS
The DEFeND platform will be tested in an operational environment (TRL 7) for two different types of scenarios across four sectors, focusing on the GDPR compliance process for end-users and on the GDPR implications for external stakeholders.
• ENERGY SECTOR (PRIVATE): GP (France)
• BANKING SECTOR (PRIVATE): ABILab (Italy)
• HEALTH CARE (PUBLIC): Fundacion Para la Investigacion Biomedica Hospital Infantil Universitario Niño Jesus (Spain)
• PUBLIC ADMINISTRATION (PUBLIC): PESHTERA MUNICIPALITY (Bulgaria)
DEFeND: PARTNERS AND CONTACTS
• UNIVERSITY OF BRIGHTON: Haris Mouratidis, Prof of Software Systems Engineering, Computing, Engineering & Mathematics, H.Mouratidis@brighton.ac.uk
• BUSINESS-E: Claudio Girlanda, Competence Center Applications Manager, claudio.girlanda@maticmind.it
• ATOS: Pedro Soria Rodriguez, Head of Market, pedro.soria@atos.net
• FIB: Andrés G. Castillo Sanz, Head of Innovation Department, andres.castillo@salud.madrid.org
• IONIAN UNIVERSITY: Aggeliki Tsohou, Assistant Professor, atsohou@ionio.gr
• PESHTERA MUNICIPALITY: Georgi Simeonov, Project Manager, simeonov@reap-bg.eu; Nikolay Zaychev, Mayor, zaichev@abv.bg
DEFeND: PARTNERS AND CONTACTS (continued)
• BIRD & BIRD: Benoit Van Asbroeck, Partner, Benoit.Van.Asbroeck@twobirds.com; Julien Debussche, Associate, Julien.Debussche@twobirds.com; Jasmien César, Associate, Jasmien.Cesar@twobirds.com
• GRIDPOCKET: Filip Gluszak, President, filip.gluszak@gridpocket.com; Papa Niamadio, Project Manager, papa.niamadio@gridpocket.com
• PDM: Luis Miguel Serra da Costa Campos, CEO, luis.campos@pdmfc.com; Francisco Correia Loureiro, Director, Security Solutions, francisco.loureiro@pdmfc.com; Luis Miguel Landeiro Ribeiro, CTO, luis.ribeiro@pdmfc.com
• ABI LAB: Romano Stasi, General Manager, r.stasi@abilab.it; Teresa Spada, Responsible for the Institutional Projects, t.spada@abilab.it; Marco Crabu, In House Consultant, marcocrabu@gmail.com; Marco Rotoloni, Research Analyst, m.rotoloni@abilab.it
DEFeND: PROJECT CONTACTS
• COORDINATOR: Beatriz Gallego-Nicasio Crespo, Atos, beatriz.gallego-nicasio@atos.net
• TECHNICAL MANAGER: Prof. Haralambos (Haris) Mouratidis, UoB, H.Mouratidis@brighton.ac.uk
• COMMUNICATION: info@defend.eu
• WEBSITE: www.defendproject.eu
THANK YOU
Mcis 2018 DEFeND Project

  • 1. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787068. Aggeliki Tsohou, Assistant Professor Ionian University, Dept. of Informatics The Mediterranean Conference on Information Systems (MCIS 2018) 30th September 2018
  • 2. Outline v The General Data Protection Regulation (GDPR): overview and history v Challenges of GDPR compliance v The DEFeND project and how it addresses (some) of the challenges: • Objectives • Architecture and Components • Management and Organization of work
  • 3. The drivers of the GDPR regulation v Need for modernization: new or advanced online services and technologies compared to the era that previous regulation rules were introduced (e.g., social networks, location-based services, cloud computing, data processing and storage capabilities) v Need to give to individuals back control over of their personal data vNeed to simplify the regulatory environment for business vUnnecessary administrative requirements for businesses (e.g. notification to several data protection authorities) causing significant costs 3
  • 4. Significant Milestones of the GDPR v In January 2012 EU proposes a reform of data protection rules to increase users' control of their data and to cut costs for businesses v In March 2014 the European Parliament approves the proposal for the new regulation (first reading) v In April 2016 the GDPR is announced v In May 2016 the GDPR enters into force v In May 2018 the GDPR applies
  • 5. GDPR: Changes and Implications Compared to the 95/46/EC v Extension of data that fall under the categories of personal data and special categories of personal data v Heavier responsibility and role for the data controllers and processors v Appointment of Data Protection Officer v Wider territorial scope v Additional rights to the data subjects v Differentiations on the role for the data protection authorities v Privacy by default and personal data impact assessment as core principle for the design of information systems
  • 6. GDPR: Changes and Implications Compared to the Previous Regulation And of course…higher penalties! Up to 20 000 000 EUR, or up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher
  • 7. (only some of the) Research Gaps and Opportunities v Obtaining data subjects’ consent v Ensuring data subjects’ rights (e.g., right to erasure, right to data portability) v Ensuring personal data control v Designing and Implementing information systems that ensure privacy by design and by default v Demonstrating compliance with GDPR v Performing privacy impact assessment 7
  • 8. Our Group’s Ongoing Research in Informed Consent and Privacy Awareness 8 § Tsohou, A. and Kosta, E. (2017), Enabling valid informed consent for location tracking through privacy awareness of users: A process theory, Computer Law & Security Review: The International Journal of Technology Law and Practice, Vol. 33, No. 4, pp. 434-457 § Soumelidou K. and Tsohou A. Effects of Privacy Policy Visualization on Users’ Information Privacy Awareness Level – The Case of Instagram, IT & People (under Review) § Paspatis, I., Tsohou A. and Kokolakis S. (2017), Mobile Application Privacy Risks: Viber Users’ De-Anonymization Using Public Data, 11th Mediterranean Conference on Information Systems, Genova, Italy, September 2017 § Paspatis, I., Tsohou A. and Kokolakis S. (2018), AppAware: A Model For Privacy Policy Visualization For Mobile Applications, 12th Mediterranean Conference on Information Systems, Corfu, Greece, September 2018
  • 9.
  • 10. GDPR: CHALLENGES
    7 KEY PRINCIPLES
    - Lawfulness, fairness and transparency
    - Purpose limitation
    - Data minimization
    - Integrity and confidentiality
    - Storage limitation
    - Accuracy
    - Accountability
    ACCOUNTABILITY
    - Contractual organization
    - Privacy-by-design & privacy-by-default
    - Records of data processing activities
    - Privacy Impact Assessments
    - Data Protection Officer
    RIGHTS OF INDIVIDUALS
    - Information
    - Access
    - Rectification
    - Erasure
    - Restriction
    - Portability
    - Objection
    - Automated decision-making / profiling
  • 11.
    - IMPLEMENTING PRIVACY BY DESIGN / PRIVACY ENGINEERING: implement technical and organizational measures to show that the organization has considered and integrated data compliance measures into its data processing activities
    - DATA DE-IDENTIFICATION / ANONYMIZATION: assess and implement anonymization and pseudonymization techniques to fall outside the scope of the GDPR or to comply with certain requirements
    - MEETING REGULATORY REPORTING REQUIREMENTS: set up methods to review compliance activities and keep records for internal and external reporting to demonstrate compliance (e.g. privacy notices and records of privacy-related escalation handling activities)
    - ADDRESSING INTERNATIONAL DATA TRANSFERS: map international data flows and manage the mechanisms that allow transfer of data to non-EEA countries (BCRs, MCCs, Privacy Shield, etc.)
    - DEVELOPING A GDPR PRIVACY PLAN: conduct a comprehensive assessment of the organization's readiness for the GDPR and develop a plan of action to reach compliance
    - CREATING A THIRD PARTY MANAGEMENT PROGRAM: manage third party vendor risk and create policies, procedures and ongoing management to ensure third party compliance and the implementation of the necessary contractual arrangements
    - MANAGING PRIVACY COMPLAINTS AND INDIVIDUAL RIGHTS: develop processes and policies to respond to requests made by individuals (right to information, but also the access, rectification, restriction, objection, erasure and portability rights)
    - MANAGING PRIVACY INCIDENTS AND BREACH NOTIFICATION: review information security policies and breach handling / incident response plans to comply with the strict formal reporting (notification) obligations
    - CREATING DATA INVENTORY AND MAPS: inventory of processing activities and data flows, classified by data type, purpose and responsibilities
    - CONDUCTING PRIVACY RISK ASSESSMENTS (PIAs/DPIAs): design and implement processes to conduct and manage PIAs/DPIAs and risk assessments across the organization, based on legal and regulatory requirements
    - OBTAINING AND MANAGING USER CONSENT: develop processes to comply with the new consent requirements: consent must be 'a statement or a clear affirmative action' from the data subject and must be 'freely given, specific, informed and unambiguous'
    - SELECTION OF APPROPRIATE SECURITY TECHNICAL AND ORGANISATIONAL MEASURES: implement physical, technical and administrative measures to keep personal data secure and confidential, through an adequate standard or certification
  • 12. ORGANISATION
    - START DATE: 1 July 2018
    - CALL TOPIC: H2020-DS08-2017 Cybersecurity PPP: Privacy, Data Protection, Digital Identities
    - DURATION: 30 months
    - GRANT AMOUNT: EUR 2,737,300.00
  • 13. OBJECTIVES
    1. Design and development of a successful, MARKET-ORIENTED PLATFORM to support organizations towards GDPR compliance
    2. Develop a MODULAR SOLUTION that covers different aspects of the GDPR
    3. AUTOMATED methods and techniques to elicit, map and ANALYZE the DATA that organizations hold on individuals
    4. Advanced modelling languages and methodologies for privacy-by-design and DATA PROTECTION management
    5. Specification, management and enforcement of PERSONAL DATA CONSENT
    6. Integrated ENCRYPTION AND ANONYMIZATION solutions for the GDPR
    7. DEPLOYMENT and VALIDATION of the DEFeND platform in real operational environments
  • 14. DEFeND PARADIGM
    The Model-Driven Privacy Governance (MDPG) paradigm enables building (from an abstract to a concrete level) and analyzing privacy-related models following a Privacy-by-Design approach. It spans two levels, the Planning Level and the Operational Level, and three management areas: Data Scope, Data Process and Data Breach.
  • 15. DEFeND PLATFORM toward GDPR compliance (diagram). The platform is organised in three management areas, Data Scope Management (DSM), Data Process Management (DPM) and Data Breach Management (DBM), across a Planning Level and an Operational Level. Elements shown, with the GDPR articles the figure attaches to them: organisational information, data flows, identify data and assets, identify accountability; personal data consent (Art. 6, 7, 8, 13, 14); data access rights (Art. 15); security and privacy specification (Art. 24); data breach plan specification (Art. 34); Data Protection Impact Assessment (DPIA), security and privacy threats, privacy by design, and data transparency, lawfulness and minimisation (Art. 35, 23, 25 and 4, 25); security and privacy technologies (Art. 32); privacy data consent monitoring and notification (Art. 19); data breach detection, notification and response (Art. 23, 33, 34, 36). Further references to Art. 4 and Art. 5 appear on the diagram without a recoverable attachment.
  • 16. DEFeND ARCHITECTURE (diagram). Five components, Data Assessment Component (DAC), Data Privacy Analysis Component (DPAC), Privacy Specification Component (PSC), Privacy Implementation and Monitoring Component (PIMC) and Data Breach Component (DBC), are laid out against the three management areas Data Scope Management (DSM), Data Process Management (DPM) and Data Breach Management (DBM). Elements shown in the diagram: Organisation Data Collection, Assessment Translator, Data Privacy Model, Data Assessment Model, Data Access Rights Analysis, Consent Analysis, DPIA Analysis, Data Minimisation Analysis, Threat Analysis, Privacy by Design/Default, Security/Privacy Technologies, Security/Privacy Specification Model, Privacy Data Consent (PDC) Model, Privacy Technologies Runtime, Privacy Data Consent Monitoring, Notification, Data Breach Modelling and Analysis, Data Breach Model, and Data Breach Detection and Response.
  • 17. GDPR DASHBOARD (diagram). Actors: Data Controller-Processor, Data Subject, Supervisory Authorities. Dashboard back end services: GDPR Planning Service, GDPR Reporting Service, Data Scope Management Service (DSM), Data Process Management Service (DPM), Data Breach Management Service (DBM). Components: Data Assessment Component (DAC), Data Privacy Analysis Component (DPAC), Privacy Specification Component (PSC), Privacy Implementation and Monitoring Component (PIMC), Data Breach Component (DBC). Artefacts exchanged: Organisational Information, Data Assessment Model, Privacy Data Consent Model, Security/Privacy Specification Model, Consent Preferences, GDPR Readiness Report, GDPR Report, GDPR Authorities Report, Breach Notification.
  • 18. WORK PLAN
    WP1: PROJECT, QUALITY AND COMPLIANCE MANAGEMENT
    - T1.1: Project Management
    - T1.2: Quality and Innovation Management
    - T1.3: Compliance and Ethics Management
    - T1.4: Technical Management
    - T1.5: Security Advisory Board
    WP2: REQUIREMENTS AND ARCHITECTURE
    - T2.1: Requirements and Specifications
    - T2.2: Privacy and Compliance Requirements
    - T2.3: Platform Architecture
    - T2.4: Definition of pilots' scenarios
    WP3: DEVELOPMENT OF PLATFORM SERVICES
    - T3.1: Data Scope Management
    - T3.2: Data Process Management
    - T3.3: Data Breach Management
    - T3.4: Dashboard
    WP4: INTEGRATION, DEPLOYMENT AND TESTING
    - T4.1: Services' integration
    - T4.2: Security and Legal Compliance Audit
    - T4.3: Platform Testing and Refinement
    WP5: PILOTS PREPARATION AND EXECUTION
    - T5.1: Pilots' preparations
    - T5.2: Pilots' execution and evaluation
    - T5.3: Pilots' final demonstration
    WP6: DISSEMINATION AND EXPLOITATION
    - T6.1: Dissemination and public communication
    - T6.2: Exploitation, Business and Commercialization
    - T6.3: Training and Awareness
    - T6.4: Projects and stakeholders networking
  • 19. DEFeND PILOTS
    - ENERGY SECTOR (PRIVATE): GP (France)
    - BANKING SECTOR (PRIVATE): ABILab (Italy)
    - HEALTH CARE (PUBLIC): Fundacion Para la Investigacion Biomedica Hospital Infantil Universitario Niño Jesus (Spain)
    - PUBLIC ADMINISTRATION (PUBLIC): PESHTERA MUNICIPALITY (Bulgaria)
    The DEFeND platform will be tested in an operational environment (TRL 7) for two different types of scenarios across four sectors, focusing on the GDPR compliance process for end-users and on the GDPR implications for external stakeholders.
  • 20. DEFeND: PARTNERS AND CONTACTS
    - UNIVERSITY OF BRIGHTON: Haris Mouratidis, Prof of Software Systems Engineering, computing engineering & mathematics, H.Mouratidis@brighton.ac.uk
    - BUSINESS-E: Claudio Girlanda, Competence Center Applications Manager, claudio.girlanda@maticmind.it
    - ATOS: Pedro Soria Rodriguez, Head of Market, pedro.soria@atos.net
    - FIB: Andrés G. Castillo Sanz, Head of Innovation Department, andres.castillo@salud.madrid.org
    - IONIAN UNIVERSITY: Aggeliki Tsohou, Assistant Professor, atsohou@ionio.gr
    - PESHTERA MUNICIPALITY: Georgi Simeonov, Project Manager, simeonov@reap-bg.eu; Nikolay Zaychev, Mayor, zaichev@abv.bg
  • 21. DEFeND: PARTNERS AND CONTACTS
    - BIRD & BIRD: Benoit Van Asbroeck, Partner, Benoit.Van.Asbroeck@twobirds.com; Julien Debussche, Associate, Julien.Debussche@twobirds.com; Jasmien César, Associate, Jasmien.Cesar@twobirds.com
    - GRIDPOCKET: Filip Gluszak, President, filip.gluszak@gridpocket.com; Papa Niamadio, Project Manager, papa.niamadio@gridpocket.com
    - PDM: Luis Miguel Serra da Costa Campos, CEO, luis.campos@pdmfc.com; Francisco Correia Loureiro, Director, Security Solutions, francisco.loureiro@pdmfc.com; Luis Miguel Landeiro Ribeiro, CTO, luis.ribeiro@pdmfc.com
    - ABI LAB: Romano Stasi, General Manager, r.stasi@abilab.it; Teresa Spada, Responsible for the Institutional Projects, t.spada@abilab.it; Marco Crabu, In House Consultant, marcocrabu@gmail.com; Marco Rotoloni, Research Analyst, m.rotoloni@abilab.it
  • 22. DEFeND: PROJECT CONTACTS
    - Coordinator: Beatriz Gallego-Nicasio Crespo, Atos, beatriz.gallego-nicasio@atos.net
    - Technical Manager: Prof. Haralambos (Haris) Mouratidis, UoB, H.Mouratidis@brighton.ac.uk
    - Communication: info@defend.eu
    - Project website: www.defendproject.eu
  • 23. THANK YOU
    Contacts: Coordinator: Beatriz Gallego-Nicasio Crespo, Atos, beatriz.gallego-nicasio@atos.net | Technical Manager: Prof. Haralambos (Haris) Mouratidis, UoB, H.Mouratidis@brighton.ac.uk | Communication: info@defend.eu | Project website: www.defendproject.eu