Barati, Masoud, Theodorakopoulos, George ORCID: https://orcid.org/0000-0003-2701-7809 and Rana, Omer ORCID: https://orcid.org/0000-0003-3597-2646 2020. Automating GDPR compliance verification for cloud-hosted services. Presented at: 2020 International Symposium on Networks, Computers and Communications (ISNCC), Virtual, Canada, 20-22 October 2020. 2020 International Symposium on Networks, Computers and Communications (ISNCC). IEEE, pp. 1-6. 10.1109/ISNCC49221.2020.9297309 |
Preview |
PDF
- Accepted Post-Print Version
Download (728kB) | Preview |
Abstract
Cloud-hosted business processes require access to customer data to complete a transaction, to improve a customer’s on-line experience or provide useful product recommendations. However, privacy concerns associated with the use of this data have led to legal regulations that impose restrictions on how such data is requested or processed by an on-line service, with large penalties for violating these restrictions, e.g. the European General Data Protection Regulation (GDPR). We propose a framework for helping cloud-hosted services automate GDPR compliance checking. The framework comprises three steps: represent data flow in business processes with an appropriate abstraction (timed transition systems), formalise GDPR rules and obligations and incorporate them into the same abstraction, and implement the abstraction in a model checking tool (Uppaal) in order to automatically verify compliance of business process activities with GDPR. We demonstrate the approach using a cloud-based purchase order system.
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Date Type: | Published Online |
Status: | Published |
Schools: | Computer Science & Informatics |
Publisher: | IEEE |
ISBN: | 9781728156286 |
Funders: | EPSRC |
Date of First Compliant Deposit: | 26 December 2020 |
Date of Acceptance: | 10 September 2020 |
Last Modified: | 06 Jul 2023 01:58 |
URI: | https://orca.cardiff.ac.uk/id/eprint/137148 |
Citation Data
Cited 4 times in Scopus. View in Scopus. Powered By Scopus® Data
Actions (repository staff only)
Edit Item |