Modelling Technique for GDPR-compliance: Toward a Comprehensive Solution

TL;DR

This paper introduces a comprehensive threat modelling technique tailored for GDPR compliance, integrating existing security and privacy models with GDPR principles to identify and mitigate non-compliance threats in complex data systems.

Contribution

It proposes a novel data flow diagram, a knowledge base, and an inference engine to model GDPR compliance threats, addressing gaps in existing threat modelling approaches.

Findings

Effective identification of GDPR non-compliance threats in telehealth systems

Integration of GDPR principles with security and privacy models

Demonstrated feasibility and effectiveness of the approach

Abstract

Data-driven applications and services have been increasingly deployed in all aspects of life including healthcare and medical services in which a huge amount of personal data is collected, aggregated, and processed in a centralised server from various sources. As a consequence, preserving the data privacy and security of these applications is of paramount importance. Since May 2018, the new data protection legislation in the EU/UK, namely the General Data Protection Regulation (GDPR), has come into force and this has called for a critical need for modelling compliance with the GDPR's sophisticated requirements. Existing threat modelling techniques are not designed to model GDPR compliance, particularly in a complex system where personal data is collected, processed, manipulated, and shared with third parties. In this paper, we present a novel comprehensive solution for developing a threat modelling technique to address threats of non-compliance and mitigate them by taking GDPR requirements as the baseline and combining them with the existing security and privacy modelling techniques (i.e., \textit{STRIDE} and \textit{LINDDUN}, respectively). For this purpose, we propose a new data flow diagram integrated with the GDPR principles, develop a knowledge base for the non-compliance threats, and leverage an inference engine for reasoning the GDPR non-compliance threats over the knowledge base. Finally, we demonstrate our solution for threats of non-compliance with legal basis and accountability in a telehealth system to show the feasibility and effectiveness of the proposed solution.