A year ago the European Union raised the required standards by applying the GDPR to all EU member states, a new regulation that changes the rules for collecting, storing and using user information; therefore, in order to maintain existing contacts, companies are inquiring about the change and in some cases obtaining a new authorization to use the data [1]. The objective of this new privacy law is to give European citizens greater control over the way in which individuals, companies and public bodies collect and use their personal data [1].

Consequently, all this has forced organizations to cope with radical changes in user data protection paradigms [1].
GDPR, by promoting a Privacy by Design approach, obliges organizations to completely change their methods for user data acquisition, management and processing, as well as for data breach monitoring, notification and the preparation of prevention plans [1].

This strengthens the rights of data subjects (e.g., citizens, customers), enabling them to obtain more information about how their data is used and to take decisions (e.g., revoking usage permissions) [1].
Moreover, organizations are required to trace their activities on user data precisely, enabling authorities to monitor and sanction more easily. Indeed, since GDPR was introduced, authorities have heavily sanctioned companies found not to be GDPR compliant [1].

GDPR is also difficult to apply because of its length and complexity: it covers many aspects without providing details on the technical and organizational security measures to apply. This calls for tools and methods able to support organizations in achieving GDPR compliance [1].
In industry and in the literature there are many tools and prototypes that address specific, isolated GDPR aspects, but no comprehensive platform able to support organizations in complying with all GDPR requirements [1].

In this scenario, a platform is being built to meet companies' need to comply with the GDPR. The DEFeND project was born precisely for this purpose [1].
The architecture of the DEFeND platform is composed of 5 main services: Data Scope Management Service, Data Process Management Service, Data Breach Management Service, GDPR Planning Service and GDPR Reporting Service [1].

Each one assists organizations to collect, analyse and operationalize different aspects and articles of GDPR, and provides appropriate reporting capabilities [1].

To support these services, the platform consists of 5 back-end components: Data Assessment Component, Data Privacy Analysis Component, Privacy Specification Component, Privacy Implementation and Monitoring Component, and Data Breach Component [1]. Each component includes modules that extend software tools, services and frameworks (described in the related work section) developed within national and international projects [1].

The DEFeND platform for the health and energy sector

We also assessed the effect that the platform would have on the healthcare and energy sectors [1].

In the energy sector, a motivating challenge is the massive deployment of smart meters in many EU countries [1].
While it improves energy efficiency, it threatens the privacy of family life. Ensuring security is a major challenge for energy companies, given the degree of privacy and data protection required by the GDPR. The DEFeND platform could therefore provide technical support for companies in the energy sector that want to comply with the GDPR [1].

Regarding the health sector, the GDPR classifies health data as highly sensitive data that must be protected. Furthermore, all the data must be properly archived so that operators can easily retrieve it. To allow the storage of this documentation, a platform designed specifically for the health sector is required. For this reason, the DEFeND platform will be integrated into the hospital information system to help it comply with the GDPR [1].

That's all for the moment.

Follow us on our social media channels to stay up to date on the project developments!

References:
[1] Piras, L., Al-Obeidallah, M. G., Praitano, A., Tsohou, A., Mouratidis, H., Crespo, B. G. N., Bernard, J. B., Fiorani, M., Magkos, E., Castillo Sanz, A., Pavlidis, M., D'Addario, R., Zorzino, G. G.: DEFeND Architecture: a Privacy by Design Platform for GDPR Compliance. In: 16th International Conference on Trust, Privacy and Security in Digital Business (TrustBus). Springer (2019)