GDPR establishes the accountability and transparency principles, which entail that organizations show in an accessible and comprehensible way how they are processing personal data and that they demonstrate they are appropriately implementing all the requirements posed by GDPR.
An Assurance Case is a set of auditable claims, arguments, and evidence created to support the claim that a defined system/service will satisfy particular given requirements. Assurance Cases have a successful track record in exchanging information between various system stakeholders, such as suppliers and acquirers, and between the operator and regulator, where the knowledge (related to e.g. the safety and security of the system) is communicated in a clear and defendable way. Assurance methods and tools are being used in PDP4E to demonstrate GDPR compliance, by recording evidence that the processes determined by GDPR (or by ancillary standards and regulations) have been carried out, and by adding argumentation that supports that line.
- Organization of the 8th International Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems – SASSUR 2019. September 2019.
- Organization of the 7th International Workshop on Next Generation of System Assurance Approaches for Safety-Critical Systems – SASSUR 2018. September 2018.
- Methods and Tools for GDPR Compliance Through Privacy and Data Protection Engineering, April 2018. (Open access)
- PDP4E will build on top of the knowledge generated in the AMASS project and its contribution to OpenCert, the assurance and certification management tool under the Eclipse Foundation umbrella.