Abstract
The General Data Protection Regulation (GDPR) has substantially strengthened the requirements for data processing systems, requiring audits at scale. We show how and to what extent these audits can be automated. We contribute an analysis of which parts of the GDPR can be monitored, a formalisation of these parts in metric first-order temporal logic, and an application of the MonPoly system to automatically audit these parts. We validate our ideas on a case study using log data from industry, detecting actual violations. Altogether, we demonstrate both in theory and practice how to automate GDPR compliance checking.
Original language | English |
---|---|
Title of host publication | Computer Security – ESORICS 2019 : European Symposium on Research in Computer Security |
Publisher | Springer |
Publication date | 2019 |
Pages | 681-699 |
ISBN (Electronic) | 978-3-030-29959-0 |
DOIs | |
Publication status | Published - 2019 |
Event | The 24th European Symposium on Research in Computer Security - Luxembourg, Luxembourg, Luxembourg Duration: 23 Sept 2019 → 27 Sept 2019 Conference number: 24 |
Conference
Conference | The 24th European Symposium on Research in Computer Security |
---|---|
Number | 24 |
Location | Luxembourg |
Country/Territory | Luxembourg |
City | Luxembourg |
Period | 23/09/2019 → 27/09/2019 |
Series | Lecture Notes in Computer Science |
---|---|
Volume | 11735 |
ISSN | 0302-9743 |
Keywords
- General Data Protection Regulation
- data processing systems
- automated audits
- metric first-order temporal logic
- GDPR compliance checking