The General Data Protection Regulation (GDPR) has substantially strengthened the requirements for data processing systems, requiring audits at scale. We show how and to what extent these audits can be automated. We contribute an analysis of which parts of the GDPR can be monitored, a formalisation of these parts in metric first-order temporal logic, and an application of the MonPoly system to automatically audit these parts. We validate our ideas on a case study using log data from industry, detecting actual violations. Altogether, we demonstrate both in theory and practice how to automate GDPR compliance checking.
CITATION STYLE
Arfelt, E., Basin, D., & Debois, S. (2019). Monitoring the GDPR. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11735 LNCS, pp. 681–699). Springer. https://doi.org/10.1007/978-3-030-29959-0_33
Mendeley helps you to discover research relevant for your work.