Ryan, Paul and Brennan, Rob ORCID: 0000-0001-8236-362X (2021) Demonstrating GDPR accountability with CSM-ROPA: extensions to the data privacy vocabulary. In: 24th International Conference Enterprise Information Systems (ICEIS '21), 26-28 Apr 2021, Online.
Abstract
The creation and maintenance of a Register of Processing Activities (ROPA) are essential to meeting the Accountability Principle of the General Data Protection Regulation (GDPR). We evaluate a semantic model CSM-ROPA to establish the extent to which it can be used to express a regulator provided accountability tracker to facilitate GDPR/ROPA compliance. We show that the ROPA practices of organisations are largely based on manual paper-based templates or non-interoperable systems, leading to inadequate GDPR/ROPA compliance levels. We contrast these current approaches to GDPR/ROPA compliance with best practice for regulatory compliance and identify four critical features of systems to support accountability. We conduct a case study to analyse the extent that CSM-ROPA, can be used as an interoperable, machine-readable mediation layer to express a regulator supplied ROPA accountability tracker. We demonstrate that CSM-ROPA can successfully express 92% of ROPA accountability terms. The addition of connectable vocabularies brings the expressivity to 98%. We identify three terms for addition to the CSM-ROPA to enable full expressivity. The application of CSM-ROPA provides opportunities for demonstrable and validated GDPR compliance. This standardisation would enable the development of automation, and interoperable tools for supported accountability and the demonstration of GDPR compliance.
Metadata
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Event Type: | Conference |
Refereed: | Yes |
Uncontrolled Keywords: | Data Protection Officer; RegTech; Register of Processing Activities; Semantic Web |
Subjects: | UNSPECIFIED |
DCU Faculties and Centres: | DCU Faculties and Schools > Faculty of Engineering and Computing > School of Computing Research Institutes and Centres > ADAPT |
Published in: | 24th International Conference Enterprise Information Systems (ICEIS '21), Proceedings. . ICEIS. |
Publisher: | ICEIS |
Official URL: | https://www.insticc.org/node/TechnicalProgram/icei... |
Copyright Information: | © 2021 The Authors |
Use License: | This item is licensed under a Creative Commons Attribution-NonCommercial-Share Alike 3.0 License. View License |
Funders: | Uniphar PLC., ADAPT Centre for Digital Content Technology which is funded under the SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund |
ID Code: | 25797 |
Deposited On: | 23 Apr 2021 13:35 by Vidatum Academic . Last Modified 04 Nov 2021 14:14 |
Documents
Full text available as:
Preview |
PDF
- Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
498kB |
Downloads
Downloads
Downloads per month over past year
Archive Staff Only: edit this record