English

Modelling Technique for GDPR-compliance: Toward a Comprehensive Solution

Cryptography and Security 2024-04-23 v1

Abstract

Data-driven applications and services have been increasingly deployed in all aspects of life including healthcare and medical services in which a huge amount of personal data is collected, aggregated, and processed in a centralised server from various sources. As a consequence, preserving the data privacy and security of these applications is of paramount importance. Since May 2018, the new data protection legislation in the EU/UK, namely the General Data Protection Regulation (GDPR), has come into force and this has called for a critical need for modelling compliance with the GDPR's sophisticated requirements. Existing threat modelling techniques are not designed to model GDPR compliance, particularly in a complex system where personal data is collected, processed, manipulated, and shared with third parties. In this paper, we present a novel comprehensive solution for developing a threat modelling technique to address threats of non-compliance and mitigate them by taking GDPR requirements as the baseline and combining them with the existing security and privacy modelling techniques (i.e., \textit{STRIDE} and \textit{LINDDUN}, respectively). For this purpose, we propose a new data flow diagram integrated with the GDPR principles, develop a knowledge base for the non-compliance threats, and leverage an inference engine for reasoning the GDPR non-compliance threats over the knowledge base. Finally, we demonstrate our solution for threats of non-compliance with legal basis and accountability in a telehealth system to show the feasibility and effectiveness of the proposed solution.

Keywords

Cite

@article{arxiv.2404.13979,
  title  = {Modelling Technique for GDPR-compliance: Toward a Comprehensive Solution},
  author = {Naila Azam and Anna Lito Michala and Shuja Ansari and Nguyen Truong},
  journal= {arXiv preprint arXiv:2404.13979},
  year   = {2024}
}

Comments

6 pages, 6 figures, Accepted at GLOBECOM 2023

R2 v1 2026-06-28T16:01:57.514Z