A GDPR-Compliant Approach to Real-Time Processing of Sensitive Data

  • Luigi SgaglioneEmail author
  • Giovanni Mazzeo
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 98)


Cyber-attacks represent a serious threat to public authorities and their agencies are an attractive target for hackers. The public sector as a whole collects lots of data on its citizens, but that data is often kept on vulnerable systems. Especially for Local Public Administrations (LPAs), protection against cyber-attacks is an extremely relevant issue due to outdated technologies and budget constraints. Furthermore, the General Data Protection Regulation (GDPR) poses many constraints/limitations on the data usage when “special type of data” is processed. In this paper the approach of the EU project COMPACT (H2020) is presented and the solutions used to guarantee the data privacy during the real time monitoring performed by the COMPACT security tools are highlighted.


Real time processing SIEM SOC Data privacy Homomorphic encryption 



This project has received funding from the European Union’s Horizon 2020 Framework Programme for Research and Innovation under grant agreements No 74071 (COMPACT)


  1. 1.
    Time to face up to cyber risk. Accessed 09 Apr 2018
  2. 2.
    Coppolino, L., D’Antonio, S., Romano, L.: Exposing vulnerabilities in electric power grids: an experimental approach. Int. J. Crit. Infrastr. Prot. 7 (2014).
  3. 3.
    Coppolino, L., D’Antonio, S., Formicola, V., Romano, L.: Enhancing SIEM technology to protect critical infrastructures, pp. 10–21 (2013).
  4. 4.
    Coppolino, L., D’Antonio, S., Formicola, V., Romano, L.: Integration of a system for critical infrastructure protection with the OSSIM SIEM platform: a dam case study, vol. 6894, pp. 199–212 (2011).
  5. 5.
    D’Antonio, S., Coppolino, L., Elia, I., Formicola, V.: Security issues of a phasor data concentrator for smart grid infrastructure (2011).
  6. 6.
    Data Breach Investigations Report (DBIR). Accessed 09 Apr 2018
  7. 7.
    CCN-CERT, Threats and Risk Analysis in Industrial Control Systems (ICS), Report IA-04/16, Centro Criptologico Nacional, Madrid, 28 January 2016. (in Spanish). Accessed 09 Apr 2018
  8. 8.
    Data security incident trends. Accessed 09 Apr 2018
  9. 9.
    Gajli, A.: Time to face up to cyber risk, Public Finance, 31 March 2016. Accessed 09 Apr 2018
  10. 10.
    3 Basic cyber security threats to be aware of that people still get wrong. Accessed 09 Apr 2018
  11. 11.
    Biggest cybersecurity threats in 2016. Accessed 09 Apr 2018
  12. 12.
    Top 7 Cyberthreats to Watch Out for in 2015-2016. Kaspersky LabGoogle Scholar
  13. 13.
    Computer security and incident response teams network.
  14. 14.
    El Gamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Proceedings of CRYPTO 84 on Advances in Cryptology. Springer, New York, pp. 10–18 (1985).
  15. 15.
    Paillier, P.: Public-key cryptosystems based on composite degree residuosity classes, pp. 223–238. Springer, Heidelberg (1999).
  16. 16.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, STOC 2009, pp. 169–178. ACM, New York (2009).,
  17. 17.
    van Dijk, M., Gentry, C., Halevi, S., Vaikuntanathan, V.: Fully homomorphic encryption over the integers, Cryptology ePrint Archive, Report 2009/616 (2009).
  18. 18.
    Naehrig, M., Lauter, K., Vaikuntanathan, V.: Can homomorphic encryption be practical? In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security Workshop, CCSW 2011, pp. 113–124. ACM, New York (2011).,

Copyright information

© Springer International Publishing AG, part of Springer Nature 2019

Authors and Affiliations

  1. 1.University of Naples “Parthenope”NaplesItaly

Personalised recommendations