GDPR establishes the accountability and transparency principles, which entail that organizations show in an accessible and comprehensible way how they are processing personal data and that they demonstrate they are appropriately implementing all the requirements posed by GDPR.

An Assurance Case is a set of auditable claims, arguments, and evidence created to support the claim that a defined system/service will satisfy particular given requirements. Assurance Cases have a previously successful track record to exchange information between various system stakeholders such as suppliers and acquirers, and between the operator and regulator, where the knowledge (related to e.g. the safety and security of the system) is communicated in a clear and defendable way. Assurance methods and tools are being used in PDP4E to demonstrate that compliance, through the recording of evidences that demonstrates that the processes determined by GDPR (or by ancillary standards and regulations) have been carried out and by adding argumentations which support that line.

MORE INFORMATION

Scientific outcomes

Related projects

  • PDP4E will build on top of the knowledge generated on the AMASS project and their contribution to the assurance and certification management tool under the eclipse foundation umbrella, OpenCert.