DEFeND: the data governance framework for supporting GDPR

DEFeND is an international partnership that will deliver a platform to empower organisations in different sectors to assess and comply to the European Union’s General Data Protection Regulation (GDPR)

Latest Tweets

In February 2018, @ABI_Lab was awarded from the @EU_Commission for the REDFin, which has the aim to increase the levels of cyber resilience of the Italian financial sector. Thanks to the funding body @Inea_EU, REDfin can partner with DEFeND.
https://t.co/Pueu8ICzut

#GDPR #H2020

DEFeND Project partners with European project:@Pdp4E, which deals with methods and tools for #GDPR Compliance through #privacy and data protection.
Find out more: https://t.co/YsFWHSaJqq

#H2020 #DataPrivacy

Milan, Today: Are you going to the “IT ARCHITECTURES & INFORMATION GOVERNANCE” workshop? The DEFeND Project will be introduced to over 100 representatives from the banking sector (GDPR specialists) by @abi-lab.

#CyberSecurity #gdprcompliance #banks #InformationSecurity

On 11 September 2018 during the clinical session at the hospital Niño Jesus, the DEFeND project was presented. There was a great interest showed by the doctors to know about the #H2020 project, the hospital is taking part in.
https://t.co/4h5k5JOcGn

#Horizon2020 #DataPrivacy

Did you participate in the Academic Presentation of the European DEFeND project at UniTn, the University of Trento? It covered the following topics: challenges of the #GDPR, overview of the #Defendproject.
https://t.co/AlUeA3pN87

#H2020 #Cybersecurity

/

DURATION

30 months

Topic

DS-08-2017  – Cybersecurity PPP: Privacy, Data Protection, Digital Identities

GRANT AMOUNT

EUR 2,737,300.00

ELIGIBLE COSTS

EUR 3,326,987.50

START DATE

1 July 2018

CALL

H2020-DS-2016-2017 – Digital Security Focus Area

The DEFeND Platform vs. GDPR

DEFeND is an Innovation Action (IA) project, and as such its main focus will be on improving existing software tools and frameworks and developing new ‘integration software’, driven by market needs, to deliver a unique organizational data privacy governance platform. In particular, the project technical focus is on delivering the novel Data Privacy Governance for Supporting GDPR (DEFeND) platform, which supports organizational-focused privacy governance and addresses challenges faced by organisations when complying with GDPR.

The project will achieve its aim by introducing a new paradigm, which we call Model-Driven Privacy Governance (MDPG). Such paradigm enables building (from an abstract to a concrete level) and analysing privacy related models following a Privacy-by-Design approach that spans over two levels, the Planning Level and the Operational Level, and across three management areas, i.e. Data Scope, Data Process and Data Breach.

The Architecture

The DEFeND platform provides 5 main services to organisations and relevant stakeholders: Data Scope Management Service, Data Process Management Service, Data Breach Management Service, GDPR Planning Service and GDPR Reporting Service. Each one of these services assists organisations to collect, analyse and operationalise different aspects and articles of the GDPR and provide appropriate reporting capabilities. To support those services, the platform consists of five (5) back-end components. Each component includes a number of modules aiming to deliver functionalities

The Dashboard

The platform dashboard acts as an interface (i.e. front-end) between the platform users (both organisations and clients/citizens, i.e. data controllers and data subjects) and the back-end components of the platform . The main purpose of the dashboard is on one hand to provide organisations with control over the creation, deployment, and monitoring of a data privacy governance strategy, which will help them to achieve GDPR compliance, and on the other hand to enable citizens/clients to interact with the platform to support the necessary consent related activities required by GDPR

The Pilots

DEFeND platform will be tested in operational environment (TRL 7) for two different types of scenarios across four sectors, focusing on the GDPR compliance process for end-users and on the GDPR implications for external stakeholders