Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering
PDP4E privacy engineering toolkit
Yod Samuel Martín (UPM)
Gabriel Pedroza (CEA LIST)
IPEN Workshop 2019 - Rome, June 12 2019
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787034
Should GDPR be an engineer’s job?
(Tip: It seems it should indeed)
18/06/2019 1/3 PDP4E
The privacy and data protection engineering gap
What engineers get… What engineers want…
GDPR PbD
PETs PPM/PEM
PDP4E response: what engineers need
Software and Systems Engineering Disciplines
Existent Privacy & Data Protection Methods
Privacy and Data Protection Engineering Methods and Tools
Engineers are not privacy experts, yet they will face privacy issues (even if they may get expert advice)
Privacy adoption calls for methods and tools integrated within the large heritage of software and systems engineering
1. Seamlessly include privacy & data protection into software & system engineering tools
2. Integrate privacy & data protection activities into the SDLC stages
3. Provide a readily available body of knowledge with existent wisdom
4. Foster a community of privacy & data protection engineering
“Endow engineers with privacy and data protection tools aligned to their mindset”
PDP4E response: what engineers need
Metamodels
Knowledge Bases
Smart grid demonstrator
Fintech demonstrator
Requirements engineering
Risk management
Model-driven design
Assurance and certification
TRL6 TRL7
Byproducts
Connected vehicle demonstrator
Smart grid demonstrator
System Models Requirements
Threats, Controls…
Reqs., Controls…
Privacy Controls
Evidences
Risk Management
Model-Driven Design
Requirements Engineering
Assurance
Regulation, Ass. Patterns
Threats, Controls…
Reqs., Controls…
Patterns…
Risk-orientation of GDPR
Even if there is no damage to the data subject,
you are not compliant if you don’t assess and mitigate risks.
Multilateral risk management:
Data protection impact assessment
Security impact analysis, security measures
Compensations, liabilities and fines
Supply Chain and Vendor Relationship Management (i.e. processors, joint controllers, third parties, transfers…)
Risks to rights and freedoms of the data subjects
Risks derived from data breaches
Derived business risks
…
But not everything in GDPR is a risk:
- e.g. “risk of not asking the data subjects their age” GOAL
- e.g. “risk of not providing a transparent policy” GOAL
- vs “risk of misidentifying a child as an adult” UNCERTAINTY
- vs “risk of users having low reading skills” UNCERTAINTY
MUSA risk management tool for security impact assessment
GDPR modelling in OpenCert: Reference Framework and Assurance Patterns
Papyrus overview
Privacy & data protection requirements metamodel (through Papyrus)
PDP4E Privacy & data protection requirements engin. method
Requirement Information
Deduction
ProPAn Artefacts
PDP Goal
Requirement
Metamodel
Data Protection
Principle
Hansen
Generation of Privacy
Requirement Candidates
Semantic Template
Adjust Privacy
Requirements
Validate Privacy
Requirements
Requirement Information
Privacy Requirement Candidates
Adjusted Privacy Requirements
Validated Privacy Requirements
Method Step
External Input
Internal Input/output
P-DFD
ProPAn
Taxonomy
PDP Metamodel
External Input (new)
X
Personal
data
detector
Modelling-driven design for Privacy and Data Protection engineering (through Papyrus)
Code verification and validation
Model transformation
Risk Management
Requirem. Engineering
Systems Assurance
System (Asset) models
Evidences (traceability, V&V…)
Privacy Controls
Requirements (GDPR, ISO29100)
Privacy & data protection model-driven design method
1) Choose design strategy to fulfill goals/requirements
2) Design/enrich system Process view(s)
3) Apply strategy (e.g., inform, control, enforce, demonstrate)
1) Choose design strategy to fulfill goals/requirements
2) Design/enrich system Data view(s)
3) Apply strategy (e.g., minimize, separate, abstract, hide)
Image sources
- Slides 1, 2, 5: all the logos of the PDP4E partners, publications, and others are copyrighted and/or trademarked by the respective organizations.
- Slide 2: captures of the headlines from browsing through the following webpages, used under right of quotation:
  - How GDPR Will Change The Way You Develop https://www.smashingmagazine.com/2018/02/gdpr-for-web-developers/ by Heather Burns, at Smashing Magazine.
  - 15 steps to developing GDPR-compliant apps https://techbeacon.com/security/15-steps-developing-gdpr-compliant-apps by Johanna Curiel, at TechBeacon.
  - What Developers and Publishers Need to Know About the GDPR https://medium.com/struucom/what-developers-and-publishers-need-to-know-about-the-gdpr-cfe0f97412f by Struu blog on Medium.
  - What Developers Need to Know About Europe’s Data Privacy Rules https://spectrum.ieee.org/at-work/tech-careers/what-developers-need-to-know-about-europes-data-privacy-rules by Jeremy Hsu, at IEEE Spectrum.
  - Your Guide to the GDPR https://spectrum.ieee.org/telecom/internet/your-guide-to-the-gdpr by Rosa María García Sanz, at IEEE Spectrum.
  - I’m a Developer and General Data Protection Regulation (GDPR) is no big deal. Or is it? https://hackernoon.com/im-a-developer-and-general-data-protection-regulation-gdpr-is-no-big-deal-or-is-it-2f2b7b3f124 by Bryan Soltis, at Hackernoon blog on Medium.
- Slides 3, 10 (images here cited under right of quotation or provided by PDP4E partners, unless otherwise specified):
  - Judge Gavel https://www.publicdomainpictures.net/en/view-image.php?image=164515&picture=judge-gavel by George Hodan, image in the public domain.
  - Privacy by Design 7 principles http://privacybydesign.ca/ (offline) by Ann Cavoukian
  - OneTrust privacy shield dashboard https://www.onetrust.com/es/products/ © OneTrust
  - ‘Time to adopt’ PETs poster © Enisa, use authorized under https://www.enisa.europa.eu/about-enisa/legal-notice
  - Papyrus captures from https://www.eclipse.org/papyrus/ , https://www.eclipse.org/papyrus/components/sysml/0.8.0/ , https://www.polarsys.org/list-of-projects © Eclipse Foundation, Inc.
  - OpenCert capture https://www.amass-ecsel.eu/content/opencert-base-tool-amass-management-assurance-and-compliance © Tecnalia, used under authorization.
- Slide 7: Figure cited from NOTARIO, Nicolás, et al. PRIPARE: integrating privacy best practices into a privacy engineering methodology. In 2015 IEEE Security and Privacy Workshops. IEEE, 2015. p. 151-158.
- Slide 13:
  - DFD by Howard, M., & Lipner, S. (2006). The security development lifecycle: SDL, a process for developing demonstrably more secure software, p. 113
  - Class diagram https://www.flickr.com/photos/79364035@N04/8402807365 by elisa_abuyah licensed under CC-BY-2.0 license https://creativecommons.org/licenses/by/2.0/
  - SysML IBD http://www.conceptdraw.com/solution-park/resource/images/solutions/software-sysml/Software-Development-SYSML-Block-Definition-Diagram.png by CS Odessa, licensed under the Creative Commons Attribution 4.0 International license.
Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
Thank you for your attention
Questions?
For more information, visit:
www.pdp4e-project.org
We’ll be waiting for you
at the APF exhibition booth!
Yod Samuel Martín (UPM)
ys.martin@upm.es
Gabriel Pedroza (CEA)
gabriel.pedroza@cea.fr

Pdp4e IPEN-2019

  • 1. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering PDP4E privacy engineering toolkit Yod Samuel Martín (UPM) Gabriel Pedroza (CEA LIST) IPEN Workshop 2019 - Rome, June 12 2019 This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787034
  • 2. Should GDPR be an engineer’s job? (Tip: It seems it should indeed) 18/06/2019 1/3 PDP4E
  • 3. The privacy and data protection engineering gap What engineers get… What engineers want… 18/06/2019 PDP4E GDPR PbD PETs PPM/PEM
  • 4. PDP4E response: what engineers need Software and Systems Engineering Disciplines Existent Privacy & Data Protection Methods Privacy and Data Protection Engineering Methods and Tools Engineers are not privacy experts, yet they will face privacy issues (even if they may get expert advice) Privacy adoption entails for methods and tools integrated within the large heritage of sw. & sys. engineering 1. Seamlessly include privacy & data protection into software & system engineering tools 2. Integrate privacy & data protection activities into the SDLC stages 3. Provide a readily available body of knowledge with existent wisdom 4. Foster a community of privacy & data protection engineering “Endow engineers with privacy and data protection tools aligned to their mindset”
  • 5. PDP4E response: what engineers need Metamodels Knowledge Bases Smart grid demonstrator Fintech demonstrator Requirements engineering Risk management Model-driven design Assurance and certification TRL6 TRL7 Byproducts Connected vehicle demonstrator Smart grid demonstrator
  • 6. 18/06/2019 PDP4E System Models Requirements Threats, Controls… Reqs., Controls… Privacy Controls Evidences Risk Management Model-Driven Design Requirements Engineering Assurance Regulation, Ass. Patterns Threats, Controls… Reqs., Controls… Patterns…
  • 7. Risk-orientation of GDPR Even if there is no damage to the data subject, you are not compliant if you don’t assess and mitigate risks. Multilateral risk management: Data protection impact assessment Security impact analysis, security measures Compensations, liabilities and fines Supply Chain and Vendor Relationship Management (i.e. processors, joint controllers, third parties, transfers…) Risks to rights and freedoms of the data subjects Risks derived from data breaches Derived business risks … But not everything in GDPR is a risk: - e.g. “risk of not asking the data subjects their age” GOAL - e.g. “risk of not providing a transparent policy” GOAL - vs “risk of misidentifying a child as an adult” UNCERTAINTY - vs “risk of users having low reading skills” UNCERTAINTY 18/06/2019 PDP4E
  • 8. MUSA risk management tool for security impact assessment 18/06/2019 PDP4E
  • 9. GDPR modelling in OpenCert: Reference Framework and Assurance Patterns 18/06/2019 PDP4E
  • 11. Privacy & data protection requirements metamodel (through Papyrus) 18/06/2019 PDP4E
  • 12. PDP4E Privacy & data protection requirements engin. method 18/06/2019 PDP4E Requirement Information Deduction ProPAn Artefacts PDP Goal Requirement Metamodel Data Protection Principle Hansen Generation of Privacy Requirement Candidates Semantic Template Adjust Privacy Requirements Validate Privacy Requirements Requirement Information Privacy Requirement Candidates Adjusted Privacy Requirements Validated Privacy Requirements Method Step External Input Internal Input/output P-DFD ProPAn Taxonomy PDP Metamodel External Input (new) X
  • 13. Personal data detector Modelling-driven design for Privacy and Data Protection engineering (through Papyrus) 18/06/2019 PDP4E Code verification and validation Model transformation Risk Management Requirem. Engineering Systems Assurance System (Asset) models Evidences (traceability, V&V…) Privacy Controls Requirements (GDPR, ISO29100)
  • 14. Privacy & data protection model-driven design. method 1) Choose design strategy to fulfill goals/requirements 2) Design/enrich system Process view(s) 3) Apply strategy (e.g., inform, control, enforce, demonstrate) 1) Choose design strategy to fulfill goals/requirements 2) Design/enrich system Data view(s) 3) Apply strategy (e.g., minimize, separate, abstract, hide) 18/06/2019 PDP4E
  • 15. Image sources
      - Slides 1, 2, 5: all the logos of the PDP4E partners, publications, and others are copyrighted and/or trademarked by the respective organizations.
      - Slide 2: captures of the headlines from browsing through the following webpages, used under right of quotation:
          - How GDPR Will Change The Way You Develop https://www.smashingmagazine.com/2018/02/gdpr-for-web-developers/ by Heather Burns, at Smashing Magazine.
          - 15 steps to developing GDPR-compliant apps https://techbeacon.com/security/15-steps-developing-gdpr-compliant-apps by Johanna Curiel, at TechBeacon.
          - What Developers and Publishers Need to Know About the GDPR https://medium.com/struucom/what-developers-and-publishers-need-to-know-about-the-gdpr-cfe0f97412f by Struu blog on Medium.
          - What Developers Need to Know About Europe’s Data Privacy Rules https://spectrum.ieee.org/at-work/tech-careers/what-developers-need-to-know-about-europes-data-privacy-rules by Jeremy Hsu, at IEEE Spectrum.
          - Your Guide to the GDPR https://spectrum.ieee.org/telecom/internet/your-guide-to-the-gdpr by Rosa María García Sanz, at IEEE Spectrum.
          - I’m a Developer and General Data Protection Regulation (GDPR) is no big deal. Or is it? https://hackernoon.com/im-a-developer-and-general-data-protection-regulation-gdpr-is-no-big-deal-or-is-it-2f2b7b3f124 by Bryan Soltis, at Hackernoon blog on Medium.
      - Slides 3, 10 (images here cited under right of quotation or provided by PDP4E partners, unless otherwise specified):
          - Judge Gavel https://www.publicdomainpictures.net/en/view-image.php?image=164515&picture=judge-gavel by George Hodan, image in the public domain.
          - Privacy by Design 7 principles http://privacybydesign.ca/ (offline) by Ann Cavoukian
          - OneTrust privacy shield dashboard https://www.onetrust.com/es/products/ © OneTrust
          - ‘Time to adopt’ PETs poster © Enisa, use authorized under https://www.enisa.europa.eu/about-enisa/legal-notice
          - Papyrus captures from https://www.eclipse.org/papyrus/ , https://www.eclipse.org/papyrus/components/sysml/0.8.0/ , https://www.polarsys.org/list-of-projects © Eclipse Foundation, Inc.
          - OpenCert capture https://www.amass-ecsel.eu/content/opencert-base-tool-amass-management-assurance-and-compliance © Tecnalia, used under authorization.
      - Slide 7: Figure cited from NOTARIO, Nicolás, et al. PRIPARE: integrating privacy best practices into a privacy engineering methodology. In 2015 IEEE Security and Privacy Workshops. IEEE, 2015. p. 151-158.
      - Slide 13:
          - DFD by Howard, M., & Lipner, S. (2006). The security development lifecycle: SDL, a process for developing demonstrably more secure software, p. 113
          - Class diagram https://www.flickr.com/photos/79364035@N04/8402807365 by elisa_abuyah licensed under CC-BY-2.0 license https://creativecommons.org/licenses/by/2.0/
          - SysML IBD http://www.conceptdraw.com/solution-park/resource/images/solutions/software-sysml/Software-Development-SYSML-Block-Definition-Diagram.png by CS Odessa, licensed under the Creative Commons Attribution 4.0 International license.
    18/06/2019 PDP4E
  • 16. Methods and Tools for GDPR Compliance through Privacy and Data Protection 4 Engineering Thank you for your attention Questions? For more information, visit: www.pdp4e-project.org We’ll be waiting for you at the APF exhibition booth! Yod Samuel Martín (UPM) ys.martin@upm.es Gabriel Pedroza (CEA) gabriel.pedroza@cea.fr