Skip to main content
SpringerLink
Log in

A Framework for GDPR Compliance in Big Data Systems

  • Conference paper
  • First Online:
Risks and Security of Internet and Systems (CRiSIS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 12026))

Included in the following conference series:

Abstract

The verification and implementation of the GDPR regulation that aims at protecting European citizens’ privacy, is still a real challenge. In particular, in Big Data systems where data is of huge volume and heterogeneous, it is hard to track data evolution through its complex life cycle ranging from collection, ingestion, storage and analytics. In this context, from 2016 to 2019 research has been conducted and security tools designed. However, they are either specific to special applications or address only partially the regulation articles. In order to identify the covered parts, the missed ones and the necessary metrics for comparing different works, we propose a framework for GDPR compliance that identifies the main components for the regulation implementation. Based on this framework, we compare the main GDPR solutions in Big Data domain and we propose a guideline for GDPR verification and implementation in Big Data systems.

This project is carried out under the MOBIDOC scheme, funded by the EU through the EMORI program and managed by the ANPR.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Off. J. Eur. Union L119, 1–88 (2016)

    Google Scholar 

  2. Pham, P.L.: The applicability of the GDPR to the Internet of Things. J. Data Prot. Priv. 2(3), 254–263 (2019)

    Google Scholar 

  3. Yuan, B., Jiannan, L.: The policy effect of the General Data Protection Regulation (GDPR) on the digital public health sector in the European Union: an empirical investigation. Int. J. Environ. Res. Public Health 16(6), 1070 (2019)

    Article  Google Scholar 

  4. Lopes, I.M., Guarda, T., Oliveira, P.: Improvement of the applicability of the general data protection regulation in health clinics. In: Rocha, Á., Adeli, H., Reis, L.P., Costanzo, S. (eds.) WorldCIST 2019. AISC, vol. 930, pp. 155–165. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-16181-1_15

    Chapter  Google Scholar 

  5. Shah, A., Banakar, V., Shastri, S., Wasserman, M., Chidambaram, V.: Analyzing the impact of GDPR on storage systems. In: 11th USENIX Workshop on Hot Topics in Storage and File Systems (HotStorage 2019) (2019)

    Google Scholar 

  6. Gonçalves, A., Correia, A., Cavique, L.: An approach to GDPR based on object role modeling. In: Rocha, Á., Adeli, H., Reis, L.P., Costanzo, S. (eds.) WorldCIST’19 2019. AISC, vol. 930, pp. 595–602. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-16181-1_56

    Chapter  Google Scholar 

  7. Kotsios, A., Magnani, M., Rossi, L., Shklovski, I., Vega, D.: An analysis of the consequences of the general data protection regulation (GDPR) on social network research. arXiv preprint arXiv:1903.03196 (2019)

  8. Camilo, J.: Blockchain-based consent manager for GDPR compliance. Open Identity Summit 2019 (2019)

    Google Scholar 

  9. Krempel, E., Jürgen, B.: The EU general data protection regulation and its effects on designing assistive environments. In: Proceedings of the 11th PErvasive Technologies Related to Assistive Environments Conference. ACM (2018)

    Google Scholar 

  10. Gjermundrød, H., Dionysiou, I., Costa, K.: privacyTracker: a privacy-by-design GDPR-compliant framework with verifiable data traceability controls. In: Casteleyn, S., Dolog, P., Pautasso, C. (eds.) ICWE 2016. LNCS, vol. 9881, pp. 3–15. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46963-8_1

    Chapter  Google Scholar 

  11. Rantos, K., Drosatos, G., Demertzis, K., Ilioudis, C., Papanikolaou, A., Kritsas, A.: ADvoCATE: a consent management platform for personal data processing in the IoT using blockchain technology. In: Lanet, J.-L., Toma, C. (eds.) SECITC 2018. LNCS, vol. 11359, pp. 300–313. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12942-2_23

    Chapter  Google Scholar 

  12. Fischer-Hübner, S., Angulo, J., Karegar, F., Pulls, T.: Transparency, privacy and trust – technology for tracking and controlling my data disclosures: does this work? In: Habib, S.M.M., Vassileva, J., Mauw, S., Mühlhäuser, M. (eds.) IFIPTM 2016. IAICT, vol. 473, pp. 3–14. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41354-9_1

    Chapter  Google Scholar 

  13. General Data Protection Regulation. https://gdpr-info.eu. Accessed 20 June 2019

  14. Fernandez-Gago, C., et al.: Tools for cloud accountability: A4Cloud tutorial. In: Camenisch, J., Fischer-Hübner, S., Hansen, M. (eds.) Privacy and Identity 2014. IAICT, vol. 457, pp. 219–236. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18621-4_15

    Chapter  Google Scholar 

  15. The Absolute Platform. www.absolute.com. Accessed 20 June 2019

  16. Alien Vault USM. www.alienvault.com. Accessed 20 June 2019

  17. BigId. https://bigid.com/eu-gdpr/. Accessed 20 June 2019

  18. BWise GDPR Compliance solution. www.bwise.com/solutions/regulatory-compliance-management/global-data-protection-regulation-gdpr. Accessed 20 June 2019

  19. Consentua. https://consentua.com. Accessed 20 June 2019

  20. PrivacyPerfect. https://www.privacyperfect.com/fr. Accessed 20 June 2019

  21. Hesselman, C., Jansen, J., Wullink, M., Vink, K., Simon, M.: A privacy framework for DNS big data applications. Technical report (2014)

    Google Scholar 

  22. Crabtree, A., et al.: Building accountability into the Internet of Things: the IoT Databox model. J. Reliab. Intell. Environ. 4(1), 39–55 (2018)

    Article  Google Scholar 

  23. Rhahla, M., Abdellatif, T, Attia, R., Berrayana, W.: A GDPR controller for IoT systems: application to e-health. In: WETICE (2019)

    Google Scholar 

  24. Ferreira, A., Joana, M.: TagUBig-Taming your Big Data. In: 2018 International Carnahan Conference on Security Technology (ICCST). IEEE (2018)

    Google Scholar 

  25. Data protection by design and default. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-by-design-and-default/?q=necessary. Accessed 20 June 2019

  26. Cavoukian, A.: Privacy by design: the 7 foundational principles. Information and Privacy Commissioner of Ontario, Canada 5 (2009)

    Google Scholar 

  27. Danezis, G., et al.: Privacy and data protection by design-from policy to engineering. arXiv preprint arXiv:1501.03726 (2015)

  28. Apache Eagle. https://eagle.apache.org/. Accessed 20 June 2019

  29. Apache Atlas. https://atlas.apache.org/. Accessed 20 June 2019

  30. Apache Ranger. https://ranger.apache.org/. Accessed 20 June 2019

  31. Fischer-Hübner, S., Hedbom, H., Wästlund, E.: Trust and assurance HCI. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, pp. 245–260. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20317-6_13

    Chapter  Google Scholar 

  32. Angulo, J., Fischer-Hübner, S., Pulls, T., Wstlund, E.: Usable transparency with the data track: a tool for visualizing data disclosures. In: Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems. ACM (2015)

    Google Scholar 

  33. Benghabrit, W., et al.: A cloud accountability policy representation framework. In: Closer (2014)

    Google Scholar 

  34. Apache Knox. https://knox.apache.org/. Accessed 20 June 2019

  35. D’Acquisto, G., Domingo-Ferrer, J., Kikiras, P., Torra, V., de Montjoye, Y. A., Bourka, A.: Privacy by design in big data: an overview of privacy enhancing technologies in the era of big data analytics. arXiv preprint arXiv:1512.06000 (2015)

  36. Wu, J., Zheng, L.: Research on customer segmentation model by clustering. In: Proceedings of the 7th International Conference on Electronic Commerce. ACM (2005)

    Google Scholar 

  37. Cavoukian, A., Chibba, M., Williamson, G., Ferguson, A.: The importance of ABAC: attribute-based access control to big data: privacy and context. Ryerson University, Toronto, Canada, Privacy and Big Data Institute (2015)

    Google Scholar 

  38. Tokenization. https://www.pcidss.com/listing-category/pci-dss-tokenization/. Accessed 20 June 2019

  39. Apache Kafka. https://kafka.apache.org/. Accessed 20 June 2019

  40. Cattell, R.: Scalable SQL and NoSQL data stores. Acm Sigmod Rec. 39(4), 12–27 (2011)

    Article  Google Scholar 

  41. Yod-Samuel, M., Kung, A.: Methods and tools for GDPR compliance through privacy and data protection engineering. In: IEEE European Symposium on Security and Privacy Workshops (EuroSPW), IEEE 2018, pp. 108–111 (2018)

    Google Scholar 

  42. Schneider, G.: Is privacy by construction possible? In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11244, pp. 471–485. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03418-4_28

    Chapter  Google Scholar 

  43. Ferrara, P., Fausto, S.: Static analysis for GDPR compliance. In: ITASEC (2018)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Polytechnic School of Tunisia, SERCOM, University of Carthage, Tunis, Tunisia

    Mouna Rhahla, Sahar Allegue & Takoua Abdellatif

  2. Proxym-Lab, Proxym-IT, Sousse, Tunisia

    Mouna Rhahla & Sahar Allegue

Authors
  1. Mouna Rhahla
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sahar Allegue
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Takoua Abdellatif
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Mouna Rhahla , Sahar Allegue or Takoua Abdellatif .

Editor information

Editors and Affiliations

  1. ReDCAD, University of Sfax, Sfax, Tunisia

    Slim Kallel

  2. IMT Atlantique, Lab-STICC, Université Bretagne Loire, Rennes, France

    Frédéric Cuppens

  3. IMT Atlantique, Lab-STICC, Université Bretagne Loire, Rennes, France

    Nora Cuppens-Boulahia

  4. ReDCAD, University of Sfax, Sfax, Tunisia

    Ahmed Hadj Kacem

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Rhahla, M., Allegue, S., Abdellatif, T. (2020). A Framework for GDPR Compliance in Big Data Systems. In: Kallel, S., Cuppens, F., Cuppens-Boulahia, N., Hadj Kacem, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2019. Lecture Notes in Computer Science(), vol 12026. Springer, Cham. https://doi.org/10.1007/978-3-030-41568-6_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-41568-6_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41567-9

  • Online ISBN: 978-3-030-41568-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation