WP5: Compliance toolkit

This WP will deliver the BPR4GDPR compliance toolkit, offering the necessary mechanisms for the enforcement of respective provisions at run-time. The tools comprising the result of this WP will be modular and easy to integrate in different environments, and will cover a broad spectrum of functionalities, addressing the needs of the majority of organisations; to this end, they will provide for run-time data management, enforcement of data subjects’ rights, and privacy-enhancing functions based on cryptography.

Role of participants

URM will lead WP5, as well as T5.1 on privacy-enhancing tools, transferring knowledge and scientific results from the previous experience and in particular from the related ReCRED project. SLG will orchestrate the development of data management tools, thus leading T5.2, in the context of which it will leverage and built upon its Semantic Message Broker. INNO and CAS will focus on the specification and development of user-centered tools for achieving GDPR-compliance that will be incorporated in their products, with INNO leading T5.3.

Objectives

In order to facilitate the deployment of appropriate technical measures, as required by the Regulation, the project will provide a set of functional components addressing common needs of stakeholders, such as cryptographic tools and access control infrastructures. Therefore, this WP aims at delivering a toolkit consisting of modular functions that, fostering “plug and play” to the extent possible, will be easy to deploy, easy to configure and easy to integrate within an organisation’s ICT environment, while they will be automatically incorporated to process chains, as a result of re-engineering. Towards delivering this compliance toolkit, this task’s main objectives are the following:

  • Develop cryptographic tools, devised for data and communications confidentiality, anonymisation and pseudonymisation, as well as enforcement of access rights by cryptographic means.
  • Develop data management tools that, by means of data access and usage management, will provide for controlling data handling, including management of retention and storage, pre- and post-processing, etc.
  • Develop user-centered tools, providing for the enforcement of the data subjects’ rights, as prescribed by the GDPR.