Abstract
The verification and implementation of the GDPR regulation that aims at protecting European citizens’ privacy, is still a real challenge. In particular, in Big Data systems where data is of huge volume and heterogeneous, it is hard to track data evolution through its complex life cycle ranging from collection, ingestion, storage and analytics. In this context, from 2016 to 2019 research has been conducted and security tools designed. However, they are either specific to special applications or address only partially the regulation articles. In order to identify the covered parts, the missed ones and the necessary metrics for comparing different works, we propose a framework for GDPR compliance that identifies the main components for the regulation implementation. Based on this framework, we compare the main GDPR solutions in Big Data domain and we propose a guideline for GDPR verification and implementation in Big Data systems.
This project is carried out under the MOBIDOC scheme, funded by the EU through the EMORI program and managed by the ANPR.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Off. J. Eur. Union L119, 1–88 (2016)
Pham, P.L.: The applicability of the GDPR to the Internet of Things. J. Data Prot. Priv. 2(3), 254–263 (2019)
Yuan, B., Jiannan, L.: The policy effect of the General Data Protection Regulation (GDPR) on the digital public health sector in the European Union: an empirical investigation. Int. J. Environ. Res. Public Health 16(6), 1070 (2019)
Lopes, I.M., Guarda, T., Oliveira, P.: Improvement of the applicability of the general data protection regulation in health clinics. In: Rocha, Á., Adeli, H., Reis, L.P., Costanzo, S. (eds.) WorldCIST 2019. AISC, vol. 930, pp. 155–165. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-16181-1_15
Shah, A., Banakar, V., Shastri, S., Wasserman, M., Chidambaram, V.: Analyzing the impact of GDPR on storage systems. In: 11th USENIX Workshop on Hot Topics in Storage and File Systems (HotStorage 2019) (2019)
Gonçalves, A., Correia, A., Cavique, L.: An approach to GDPR based on object role modeling. In: Rocha, Á., Adeli, H., Reis, L.P., Costanzo, S. (eds.) WorldCIST’19 2019. AISC, vol. 930, pp. 595–602. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-16181-1_56
Kotsios, A., Magnani, M., Rossi, L., Shklovski, I., Vega, D.: An analysis of the consequences of the general data protection regulation (GDPR) on social network research. arXiv preprint arXiv:1903.03196 (2019)
Camilo, J.: Blockchain-based consent manager for GDPR compliance. Open Identity Summit 2019 (2019)
Krempel, E., Jürgen, B.: The EU general data protection regulation and its effects on designing assistive environments. In: Proceedings of the 11th PErvasive Technologies Related to Assistive Environments Conference. ACM (2018)
Gjermundrød, H., Dionysiou, I., Costa, K.: privacyTracker: a privacy-by-design GDPR-compliant framework with verifiable data traceability controls. In: Casteleyn, S., Dolog, P., Pautasso, C. (eds.) ICWE 2016. LNCS, vol. 9881, pp. 3–15. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46963-8_1
Rantos, K., Drosatos, G., Demertzis, K., Ilioudis, C., Papanikolaou, A., Kritsas, A.: ADvoCATE: a consent management platform for personal data processing in the IoT using blockchain technology. In: Lanet, J.-L., Toma, C. (eds.) SECITC 2018. LNCS, vol. 11359, pp. 300–313. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12942-2_23
Fischer-Hübner, S., Angulo, J., Karegar, F., Pulls, T.: Transparency, privacy and trust – technology for tracking and controlling my data disclosures: does this work? In: Habib, S.M.M., Vassileva, J., Mauw, S., Mühlhäuser, M. (eds.) IFIPTM 2016. IAICT, vol. 473, pp. 3–14. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41354-9_1
General Data Protection Regulation. https://gdpr-info.eu. Accessed 20 June 2019
Fernandez-Gago, C., et al.: Tools for cloud accountability: A4Cloud tutorial. In: Camenisch, J., Fischer-Hübner, S., Hansen, M. (eds.) Privacy and Identity 2014. IAICT, vol. 457, pp. 219–236. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-18621-4_15
The Absolute Platform. www.absolute.com. Accessed 20 June 2019
Alien Vault USM. www.alienvault.com. Accessed 20 June 2019
BigId. https://bigid.com/eu-gdpr/. Accessed 20 June 2019
BWise GDPR Compliance solution. www.bwise.com/solutions/regulatory-compliance-management/global-data-protection-regulation-gdpr. Accessed 20 June 2019
Consentua. https://consentua.com. Accessed 20 June 2019
PrivacyPerfect. https://www.privacyperfect.com/fr. Accessed 20 June 2019
Hesselman, C., Jansen, J., Wullink, M., Vink, K., Simon, M.: A privacy framework for DNS big data applications. Technical report (2014)
Crabtree, A., et al.: Building accountability into the Internet of Things: the IoT Databox model. J. Reliab. Intell. Environ. 4(1), 39–55 (2018)
Rhahla, M., Abdellatif, T, Attia, R., Berrayana, W.: A GDPR controller for IoT systems: application to e-health. In: WETICE (2019)
Ferreira, A., Joana, M.: TagUBig-Taming your Big Data. In: 2018 International Carnahan Conference on Security Technology (ICCST). IEEE (2018)
Data protection by design and default. https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-by-design-and-default/?q=necessary. Accessed 20 June 2019
Cavoukian, A.: Privacy by design: the 7 foundational principles. Information and Privacy Commissioner of Ontario, Canada 5 (2009)
Danezis, G., et al.: Privacy and data protection by design-from policy to engineering. arXiv preprint arXiv:1501.03726 (2015)
Apache Eagle. https://eagle.apache.org/. Accessed 20 June 2019
Apache Atlas. https://atlas.apache.org/. Accessed 20 June 2019
Apache Ranger. https://ranger.apache.org/. Accessed 20 June 2019
Fischer-Hübner, S., Hedbom, H., Wästlund, E.: Trust and assurance HCI. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, pp. 245–260. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20317-6_13
Angulo, J., Fischer-Hübner, S., Pulls, T., Wstlund, E.: Usable transparency with the data track: a tool for visualizing data disclosures. In: Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems. ACM (2015)
Benghabrit, W., et al.: A cloud accountability policy representation framework. In: Closer (2014)
Apache Knox. https://knox.apache.org/. Accessed 20 June 2019
D’Acquisto, G., Domingo-Ferrer, J., Kikiras, P., Torra, V., de Montjoye, Y. A., Bourka, A.: Privacy by design in big data: an overview of privacy enhancing technologies in the era of big data analytics. arXiv preprint arXiv:1512.06000 (2015)
Wu, J., Zheng, L.: Research on customer segmentation model by clustering. In: Proceedings of the 7th International Conference on Electronic Commerce. ACM (2005)
Cavoukian, A., Chibba, M., Williamson, G., Ferguson, A.: The importance of ABAC: attribute-based access control to big data: privacy and context. Ryerson University, Toronto, Canada, Privacy and Big Data Institute (2015)
Tokenization. https://www.pcidss.com/listing-category/pci-dss-tokenization/. Accessed 20 June 2019
Apache Kafka. https://kafka.apache.org/. Accessed 20 June 2019
Cattell, R.: Scalable SQL and NoSQL data stores. Acm Sigmod Rec. 39(4), 12–27 (2011)
Yod-Samuel, M., Kung, A.: Methods and tools for GDPR compliance through privacy and data protection engineering. In: IEEE European Symposium on Security and Privacy Workshops (EuroSPW), IEEE 2018, pp. 108–111 (2018)
Schneider, G.: Is privacy by construction possible? In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11244, pp. 471–485. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03418-4_28
Ferrara, P., Fausto, S.: Static analysis for GDPR compliance. In: ITASEC (2018)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Rhahla, M., Allegue, S., Abdellatif, T. (2020). A Framework for GDPR Compliance in Big Data Systems. In: Kallel, S., Cuppens, F., Cuppens-Boulahia, N., Hadj Kacem, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2019. Lecture Notes in Computer Science(), vol 12026. Springer, Cham. https://doi.org/10.1007/978-3-030-41568-6_14
Download citation
DOI: https://doi.org/10.1007/978-3-030-41568-6_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-41567-9
Online ISBN: 978-3-030-41568-6
eBook Packages: Computer ScienceComputer Science (R0)