Skip to main content
DORAS
DCU Online Research Access Service
Login (DCU Staff Only)
A GDPR international transfer compliance framework based on an extended data privacy vocabulary (DPV)

Hickey, David ORCID: 0000-0002-9999-5583 and Brennan, Rob ORCID: 0000-0001-8236-362X (2021) A GDPR international transfer compliance framework based on an extended data privacy vocabulary (DPV). In: 34th International Conference on Legal Knowledge and Information Systems (JURIX 2021), 8-10-Dec 2021, Vilnius, Lithuania. ISBN 978-1-64368-252-5

Full text available as:

[img]
Preview
PDF - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
1MB

Abstract

This paper describes a new model, using a privacy vocabulary standard (the Data Privacy Vocabulary, DPV) to audit and monitor GDPR compliance of international transfers of personal data. New terms were identified which I have proposed as extensions to the DPV. A prototype software tool was built based on the model, and synthetic use-cases created to test the capabilities of the model and tool (together a compliance framework). This framework was created because the rules around international transfer compliance are complex and changing, there is an absence of a common approach to ensuring compliance, few (if any) tools exist to assist, and those that do lack interoperability. Evaluation results demonstrate that the proposed model improves compliance in terms of identification and standardization from less than 35% to over 90% in test use-cases. The tool received very positive feedback from the data protection practitioners who participated in the evaluation, and an initial version of the tool is now in use in one financial services organization. While currently the tool only addresses international transfers, in theory the framework can be extended through further work to the broader area of compliance of all aspects of the GPDR (being based on the DPV).

Item Type:Conference or Workshop Item (Paper)
Event Type:Conference
Refereed:Yes
Additional Information:https://www.iospress.com/search?query=jurix&page=1
Uncontrolled Keywords:GDPR, International Transfer, Compliance, DPV, Data Protection, Privacy
Subjects:UNSPECIFIED
DCU Faculties and Centres:DCU Faculties and Schools > Faculty of Engineering and Computing > School of Computing
Research Initiatives and Centres > ADAPT
Published in: Schweighofer, E., (ed.) Legal Knowledge and Information Systems. Frontiers of Artificial Intelligence and Applications 346. IOS Press. ISBN 978-1-64368-252-5
Publisher:IOS Press
Copyright Information:© 2021 The Authors
ID Code:26372
Deposited On:06 Dec 2021 18:36 by Vidatum Academic . Last Modified 06 Dec 2021 18:36

Downloads

Downloads per month over past year

Archive Staff Only: edit this record

  • Student Email
  • Staff Email
  • Student Apps
  • Staff Apps
  • Loop
  • Disclaimer
  • Privacy
  • Contact Us