DORAS | DCU Research Repository

Explore open access research and scholarly works from DCU

Demonstrating GDPR accountability with CSM-ROPA: extensions to the data privacy vocabulary

Ryan, Paul and Brennan, Rob (ORCID: 0000-0001-8236-362X) (2021) Demonstrating GDPR accountability with CSM-ROPA: extensions to the data privacy vocabulary. In: 24th International Conference Enterprise Information Systems (ICEIS '21), 26-28 Apr 2021, Online.

Abstract
The creation and maintenance of a Register of Processing Activities (ROPA) are essential to meeting the Accountability Principle of the General Data Protection Regulation (GDPR). We evaluate a semantic model, CSM-ROPA, to establish the extent to which it can be used to express a regulator-provided accountability tracker to facilitate GDPR/ROPA compliance. We show that the ROPA practices of organisations are largely based on manual paper-based templates or non-interoperable systems, leading to inadequate GDPR/ROPA compliance levels. We contrast these current approaches to GDPR/ROPA compliance with best practice for regulatory compliance and identify four critical features of systems to support accountability. We conduct a case study to analyse the extent to which CSM-ROPA can be used as an interoperable, machine-readable mediation layer to express a regulator-supplied ROPA accountability tracker. We demonstrate that CSM-ROPA can successfully express 92% of ROPA accountability terms. The addition of connectable vocabularies brings the expressivity to 98%. We identify three terms for addition to the CSM-ROPA to enable full expressivity. The application of CSM-ROPA provides opportunities for demonstrable and validated GDPR compliance. This standardisation would enable the development of automation and interoperable tools for supported accountability and the demonstration of GDPR compliance.
Metadata
Item Type: Conference or Workshop Item (Paper)
Event Type: Conference
Refereed: Yes
Uncontrolled Keywords: Data Protection Officer; RegTech; Register of Processing Activities; Semantic Web
Subjects: UNSPECIFIED
DCU Faculties and Centres: DCU Faculties and Schools > Faculty of Engineering and Computing > School of Computing
Research Institutes and Centres > ADAPT
Published in: 24th International Conference Enterprise Information Systems (ICEIS '21), Proceedings. ICEIS.
Publisher: ICEIS
Official URL: https://www.insticc.org/node/TechnicalProgram/icei...
Copyright Information: © 2021 The Authors
Use License: This item is licensed under a Creative Commons Attribution-NonCommercial-Share Alike 3.0 License.
Funders: Uniphar PLC., ADAPT Centre for Digital Content Technology which is funded under the SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund
ID Code: 25797
Deposited On: 23 Apr 2021 13:35 by Vidatum Academic. Last Modified 04 Nov 2021 14:14
Documents

Full text available as:

ICEIS_2021_23_CR.pdf
PDF - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
498kB