Modelling Technique for GDPR-compliance: Toward a Comprehensive Solution
Naila Azam, Anna Lito Michala, Shuja Ansari, Nguyen Truong
TL;DR
The paper tackles the challenge of modelling GDPR non-compliance threats in data-driven systems, where traditional threat models fall short in capturing regulatory requirements. It proposes a holistic framework that fuses STRIDE and LINDDUN with GDPR requirements as the baseline, using a rule-based knowledge base and a rule-driven inference engine anchored by a GDPR-aware Data Flow Diagram. The authors provide an end-to-end reference implementation with a default and a system-specific knowledge base, and demonstrate the approach on a telehealth use-case, identifying threats such as non-consent, an unprovided Right to Erasure, and non-accountability. The results show the method's feasibility and its potential for guiding GDPR compliance in complex deployments; future work aims at expanding the knowledge base, integrating GDPR ontologies, and adopting non-monotonic reasoning for legal compliance. This work provides a practical pathway to systematically assess and mitigate GDPR non-compliance threats in real-world data ecosystems.
Abstract
Data-driven applications and services have been increasingly deployed in all aspects of life, including healthcare and medical services, in which a huge amount of personal data is collected, aggregated, and processed in a centralised server from various sources. As a consequence, preserving the data privacy and security of these applications is of paramount importance. Since May 2018, the new data protection legislation in the EU/UK, namely the General Data Protection Regulation (GDPR), has been in force, and this has created a critical need for modelling compliance with the GDPR's sophisticated requirements. Existing threat modelling techniques are not designed to model GDPR compliance, particularly in a complex system where personal data is collected, processed, manipulated, and shared with third parties. In this paper, we present a novel comprehensive solution for developing a threat modelling technique that addresses threats of non-compliance and mitigates them by taking GDPR requirements as the baseline and combining them with the existing security and privacy modelling techniques (i.e., STRIDE and LINDDUN, respectively). For this purpose, we propose a new data flow diagram integrated with the GDPR principles, develop a knowledge base for the non-compliance threats, and leverage an inference engine for reasoning about GDPR non-compliance threats over the knowledge base. Finally, we demonstrate our solution for threats of non-compliance with legal basis and accountability in a telehealth system to show the feasibility and effectiveness of the proposed solution.
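The following is an added illustration of the pipeline the abstract describes: a GDPR-annotated DFD, a default knowledge base of non-compliance rules, a system-specific knowledge base for the telehealth case, and a forward-chaining inference engine that derives threat facts until a fixpoint. It is example code written for this page, not the authors' implementation. The annotation vocabulary (`erasure_api`, `record_of_processing`, `processor_agreement`, `data_subject`), the legal-basis labels, the mapping of rules to GDPR articles and the constructed telehealth DFD are all assumptions chosen for the demonstration; one rule also shows how a STRIDE information-disclosure finding can feed a GDPR rule (Art. 32) through the derived facts.

```python
"""Rule-driven GDPR non-compliance inference over a GDPR-aware DFD.

Added example for this page; NOT the paper's implementation.  Element names,
annotation labels, legal-basis labels, article mappings and the sample
telehealth DFD are assumptions constructed for illustration.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Element:
    """A DFD node: external entity, process or data store, plus GDPR labels."""
    name: str
    kind: str                                   # "external" | "process" | "store"
    annotations: FrozenSet[str] = frozenset()   # assumed label vocabulary


@dataclass(frozen=True)
class Flow:
    """A DFD data flow annotated with the facts the rules reason over."""
    src: str
    dst: str
    data: str                        # category of personal data carried
    legal_basis: Optional[str]       # assumed Art. 6 basis label; None = undeclared
    consent_recorded: bool = False   # a demonstrable consent record exists
    encrypted: bool = True           # transport protection (STRIDE input)


@dataclass
class Model:
    elements: Dict[str, Element]
    flows: List[Flow]


Fact = Tuple[str, str]   # (threat label, target id)
Rule = Tuple[str, Callable[[object, Model, Set[Fact]], bool], str]  # (scope, condition, threat)


def flow_id(f: Flow) -> str:
    return f"{f.src}->{f.dst}:{f.data}"


INFO_DISCLOSURE = "STRIDE: information disclosure in transit"
ART32 = "Security of processing not ensured (Art. 32)"

# Default knowledge base: generic non-compliance rules (assumed article mapping).
DEFAULT_KB: List[Rule] = [
    ("flow", lambda f, m, k: f.legal_basis is None,
     "Non-compliance with legal basis (Art. 6)"),
    ("flow", lambda f, m, k: f.legal_basis in ("consent", "explicit_consent") and not f.consent_recorded,
     "Non-consent: consent claimed but not demonstrable (Art. 7)"),
    ("element", lambda e, m, k: e.kind == "store" and "erasure_api" not in e.annotations,
     "Right to Erasure not provided (Art. 17)"),
    ("element", lambda e, m, k: e.kind == "process" and "record_of_processing" not in e.annotations,
     "Non-accountability: no record of processing (Art. 5(2), Art. 30)"),
    ("flow", lambda f, m, k: m.elements[f.dst].kind == "external"
                             and "data_subject" not in m.elements[f.dst].annotations
                             and "processor_agreement" not in m.elements[f.dst].annotations,
     "Sharing with a third party without a processor contract (Art. 28)"),
    # Listed BEFORE the STRIDE rule it depends on, so it only fires on the
    # engine's second pass: this is what the fixpoint loop is for.
    ("flow", lambda f, m, k: (INFO_DISCLOSURE, flow_id(f)) in k, ART32),
    ("flow", lambda f, m, k: not f.encrypted, INFO_DISCLOSURE),
]

# System-specific knowledge base for the telehealth case (assumed rule).
TELEHEALTH_KB: List[Rule] = [
    ("flow", lambda f, m, k: f.data == "health_data"
                             and f.legal_basis not in ("explicit_consent", "healthcare_provision"),
     "Special-category data without an Art. 9(2) condition"),
]


def infer(model: Model, knowledge_bases: List[List[Rule]]) -> Set[Fact]:
    """Forward-chain all rules over all flows/elements until no new fact appears.
    Monotonic: facts are only added, never retracted."""
    rules = [r for kb in knowledge_bases for r in kb]
    facts: Set[Fact] = set()
    while True:
        before = len(facts)
        for scope, cond, label in rules:
            if scope == "flow":
                targets = [(flow_id(f), f) for f in model.flows]
            else:
                targets = [(e.name, e) for e in model.elements.values()]
            for tid, target in targets:
                if (label, tid) not in facts and cond(target, model, facts):
                    facts.add((label, tid))
        if len(facts) == before:
            return facts


def threats_by_target(facts: Set[Fact]) -> Dict[str, List[str]]:
    """Group derived threat labels by DFD flow/element id."""
    out: Dict[str, List[str]] = {}
    for label, tid in sorted(facts):
        out.setdefault(tid, []).append(label)
    return out


def build_telehealth_model() -> Model:
    """Constructed sample telehealth DFD (assumed, not from the paper)."""
    elements = {e.name: e for e in [
        Element("patient", "external", frozenset({"data_subject"})),
        Element("telehealth_app", "process", frozenset({"record_of_processing"})),
        Element("ehr_store", "store"),                  # no erasure_api
        Element("clinician_portal", "process"),         # no record_of_processing
        Element("analytics_provider", "external"),      # no processor_agreement
    ]}
    flows = [
        Flow("patient", "telehealth_app", "health_data", "explicit_consent", consent_recorded=True),
        Flow("telehealth_app", "ehr_store", "health_data", "explicit_consent", consent_recorded=True),
        Flow("telehealth_app", "analytics_provider", "usage_data", "consent",
             consent_recorded=False, encrypted=False),
        Flow("ehr_store", "clinician_portal", "health_data", None),
    ]
    return Model(elements, flows)


if __name__ == "__main__":
    for target, labels in threats_by_target(infer(build_telehealth_model(), [DEFAULT_KB, TELEHEALTH_KB])).items():
        print(target)
        for label in labels:
            print("  -", label)
```

Rules are plain predicates over the annotated DFD plus the facts derived so far, so a system-specific knowledge base is just another list appended to the default one; the engine re-scans until nothing new is derived, which is why the Art. 32 rule can consume the STRIDE finding even though it is listed first. Because facts are never retracted, an exception that would lift an obligation (the non-monotonic case the paper leaves to future work) cannot be expressed here.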
