DAPRECO - DAta Protection REgulation Compliance

01/02/2018 to 30/06/2018

The recently approved General Data Protection Regulation (GDPR) is expected to have a significant impact on the European Digital Single Market because it changes how enterprises have to protect individual’s personal data records. To keep their businesses up and running, and to avoid the high fines that the GDPR accounts for not being comply with its provisions, enterprises must be prepared to face the effects of the application of the regulation. Concomitantly, regulators and authorities should understand how to assess compliance with the GDPR.One way to face these challenges, the way this project helps pursue, is to look at current security standards and to check what “correlations” (i.e. relations of the form “a provision x implements a provision y”) they have with the GDPR. Such correlations depend on the legal interpretations that exist and may exist of the terms and the provisions in the GDPR and in the security standards. Once these correlations are made clear, an enterprise that implements a standard will benefit from a presumption of compliance with the GDPR with respect to those parts covered by the standard. This is possible because standards provide consolidated practices and are certified by auditors and, therefore, by implementing them, enterprises have an argument of compliance coming from having followed the best practices. The same argument can be used by regulators and authorities when assessing an enterprise’s compliance with the GDPR.However, this solution has a problem that hinders its effectiveness. The GDPR and the standards are available in natural language only. Finding correlations by hand is a hard work even without considering the various legal interpretations, which however we must consider. Without an appropriate methodology and without the support of a knowledge base, the task will become easily beyond capacity for a single enterprise or authority to achieve.This project, DAPRECO, offers a solution to this well-recognized challenge in legal informatics. DAPRECO will represent in an innovative logic, the provisions in the GDPR and the current security standards. The logic, and which we call here ProLeMAS (PROcessing LEgal language in normative Multi-Agent Systems) been recently defined by one of the proponents. The provisions will be correlated via operators of the same logic. ProLeMAS integrates insights from modern formalisms in Deontic Logic and Natural Language Semantics and it has been specifically designed to handle legal norms written in natural language. A key aspect for the innovative character of this project is that ProLeMAS is capable of handling a pluralism of interpretations of its items. It is therefore able to host the plethora of legal interpretations that usually occur in the legal domain, where laws are subject to the different understandings defined by subjects such as judges, regulators, and lawyers. This is possible because the operators of the ProLeMAS logic are defeasible. DAPRECO will output a knowledge base which contains the ProLeMAS correlations expressing the ‘formal compliance’ (versus ‘substantive compliance’) of the terms and provisions in the standards and the GDPR. The output of this project is therefore a formal knowledge base, the DAPRECO Knowledge Base, built according to the rigorous methodology that we are going to define fully during the execution of the project. Notably, the legal interpretations of the existing correlations between the security standards and the GDPR can be updated. Different interpretations can be accumulated in our knowledge base, together with the history of their supersedences or their unsolved conflicts, so making the DAPRECO Knowledge Base be the potentially ground-breaking support for professionals and for authorities in the assessment of the compliance of data processing practices with the GDPR’s provisions.

Monday, 10 December, 2018

Project type:


SMESEC project Open Call for SMEs and SME associations
SMESEC has released an open call for SMEs and SME associations in order to validate SMESEC framework and at the same time improve their systems’ security.
SMESEC is inviting SMEs to participate in the validation of the SMESEC framework. By participating you not only have influence on the evaluation of the SMESEC framework, but also improve your own company security and get up to €20.000 of funds!

Future Events

Conference on Autonomous Security Systems
02/05/2019 to 03/05/2019

Ethical and Legal Aspects of Autonomous Security Systems

An international conference to be held at the University of Zurich in Switzerland on May 2nd-3rd, 2019, aims to explore the ethical and legal aspects of autonomous systems in the security sector. Among others, autonomous systems in cybersecurity are discussed in the conference, that is co-supported by CANVAS.

Keynote speakers

Philip G. Alston, New York University and UN Special Rapporteur
Extreme Poverty and Human Rights: Artificial Intelligence as a Threat to Human Rights?

Hermeneut project at Cybertech Tel Aviv 2019

Cybertech is the cyber industry’s foremost B2B networking platform conducting industry-related events all around the globe, the go-to place to learn all about the latest technological innovations, threats, and solutions to combating threats within the global cyber arena.