Monitoring the GDPR: European Symposium on Research in Computer Security

Emma Arfelt Kock, David Basin, Søren Debois

Research output: Conference Article in Proceeding or Book/Report chapter, Article in proceedings, Research, peer-review

Abstract

The General Data Protection Regulation (GDPR) has substantially strengthened the requirements for data processing systems, requiring audits at scale. We show how and to what extent these audits can be automated. We contribute an analysis of which parts of the GDPR can be monitored, a formalisation of these parts in metric first-order temporal logic, and an application of the MonPoly system to automatically audit these parts. We validate our ideas on a case study using log data from industry, detecting actual violations. Altogether, we demonstrate both in theory and practice how to automate GDPR compliance checking.
Original language: English
Title of host publication: Computer Security – ESORICS 2019 : European Symposium on Research in Computer Security
Publisher: Springer
Publication date: 2019
Pages: 681-699
ISBN (Electronic): 978-3-030-29959-0
Publication status: Published - 2019
Event: The 24th European Symposium on Research in Computer Security - Luxembourg, Luxembourg, Luxembourg
Duration: 23 Sept 2019 to 27 Sept 2019
Conference number: 24

Conference

Conference: The 24th European Symposium on Research in Computer Security
Number: 24
Location: Luxembourg
Country/Territory: Luxembourg
City: Luxembourg
Period: 23/09/2019 to 27/09/2019
Series: Lecture Notes in Computer Science
Volume: 11735
ISSN: 0302-9743

Keywords

  • General Data Protection Regulation
  • data processing systems
  • automated audits
  • metric first-order temporal logic
  • GDPR compliance checking
