A Framework for GDPR Compliance in Big Data Systems

  • Mouna RhahlaEmail author
  • Sahar AllegueEmail author
  • Takoua AbdellatifEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12026)


The verification and implementation of the GDPR regulation that aims at protecting European citizens’ privacy, is still a real challenge. In particular, in Big Data systems where data is of huge volume and heterogeneous, it is hard to track data evolution through its complex life cycle ranging from collection, ingestion, storage and analytics. In this context, from 2016 to 2019 research has been conducted and security tools designed. However, they are either specific to special applications or address only partially the regulation articles. In order to identify the covered parts, the missed ones and the necessary metrics for comparing different works, we propose a framework for GDPR compliance that identifies the main components for the regulation implementation. Based on this framework, we compare the main GDPR solutions in Big Data domain and we propose a guideline for GDPR verification and implementation in Big Data systems.


The general data protection regulation Big data analytics Security Privacy 


  1. 1.
    Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Off. J. Eur. Union L119, 1–88 (2016)Google Scholar
  2. 2.
    Pham, P.L.: The applicability of the GDPR to the Internet of Things. J. Data Prot. Priv. 2(3), 254–263 (2019)Google Scholar
  3. 3.
    Yuan, B., Jiannan, L.: The policy effect of the General Data Protection Regulation (GDPR) on the digital public health sector in the European Union: an empirical investigation. Int. J. Environ. Res. Public Health 16(6), 1070 (2019)CrossRefGoogle Scholar
  4. 4.
    Lopes, I.M., Guarda, T., Oliveira, P.: Improvement of the applicability of the general data protection regulation in health clinics. In: Rocha, Á., Adeli, H., Reis, L.P., Costanzo, S. (eds.) WorldCIST 2019. AISC, vol. 930, pp. 155–165. Springer, Cham (2019). Scholar
  5. 5.
    Shah, A., Banakar, V., Shastri, S., Wasserman, M., Chidambaram, V.: Analyzing the impact of GDPR on storage systems. In: 11th USENIX Workshop on Hot Topics in Storage and File Systems (HotStorage 2019) (2019)Google Scholar
  6. 6.
    Gonçalves, A., Correia, A., Cavique, L.: An approach to GDPR based on object role modeling. In: Rocha, Á., Adeli, H., Reis, L.P., Costanzo, S. (eds.) WorldCIST’19 2019. AISC, vol. 930, pp. 595–602. Springer, Cham (2019). Scholar
  7. 7.
    Kotsios, A., Magnani, M., Rossi, L., Shklovski, I., Vega, D.: An analysis of the consequences of the general data protection regulation (GDPR) on social network research. arXiv preprint arXiv:1903.03196 (2019)
  8. 8.
    Camilo, J.: Blockchain-based consent manager for GDPR compliance. Open Identity Summit 2019 (2019)Google Scholar
  9. 9.
    Krempel, E., Jürgen, B.: The EU general data protection regulation and its effects on designing assistive environments. In: Proceedings of the 11th PErvasive Technologies Related to Assistive Environments Conference. ACM (2018)Google Scholar
  10. 10.
    Gjermundrød, H., Dionysiou, I., Costa, K.: privacyTracker: a privacy-by-design GDPR-compliant framework with verifiable data traceability controls. In: Casteleyn, S., Dolog, P., Pautasso, C. (eds.) ICWE 2016. LNCS, vol. 9881, pp. 3–15. Springer, Cham (2016). Scholar
  11. 11.
    Rantos, K., Drosatos, G., Demertzis, K., Ilioudis, C., Papanikolaou, A., Kritsas, A.: ADvoCATE: a consent management platform for personal data processing in the IoT using blockchain technology. In: Lanet, J.-L., Toma, C. (eds.) SECITC 2018. LNCS, vol. 11359, pp. 300–313. Springer, Cham (2019). Scholar
  12. 12.
    Fischer-Hübner, S., Angulo, J., Karegar, F., Pulls, T.: Transparency, privacy and trust – technology for tracking and controlling my data disclosures: does this work? In: Habib, S.M.M., Vassileva, J., Mauw, S., Mühlhäuser, M. (eds.) IFIPTM 2016. IAICT, vol. 473, pp. 3–14. Springer, Cham (2016). Scholar
  13. 13.
    General Data Protection Regulation. Accessed 20 June 2019
  14. 14.
    Fernandez-Gago, C., et al.: Tools for cloud accountability: A4Cloud tutorial. In: Camenisch, J., Fischer-Hübner, S., Hansen, M. (eds.) Privacy and Identity 2014. IAICT, vol. 457, pp. 219–236. Springer, Cham (2015). Scholar
  15. 15.
    The Absolute Platform. Accessed 20 June 2019
  16. 16.
    Alien Vault USM. Accessed 20 June 2019
  17. 17.
    BigId. Accessed 20 June 2019
  18. 18.
  19. 19.
    Consentua. Accessed 20 June 2019
  20. 20.
    PrivacyPerfect. Accessed 20 June 2019
  21. 21.
    Hesselman, C., Jansen, J., Wullink, M., Vink, K., Simon, M.: A privacy framework for DNS big data applications. Technical report (2014)Google Scholar
  22. 22.
    Crabtree, A., et al.: Building accountability into the Internet of Things: the IoT Databox model. J. Reliab. Intell. Environ. 4(1), 39–55 (2018)CrossRefGoogle Scholar
  23. 23.
    Rhahla, M., Abdellatif, T, Attia, R., Berrayana, W.: A GDPR controller for IoT systems: application to e-health. In: WETICE (2019)Google Scholar
  24. 24.
    Ferreira, A., Joana, M.: TagUBig-Taming your Big Data. In: 2018 International Carnahan Conference on Security Technology (ICCST). IEEE (2018)Google Scholar
  25. 25.
  26. 26.
    Cavoukian, A.: Privacy by design: the 7 foundational principles. Information and Privacy Commissioner of Ontario, Canada 5 (2009)Google Scholar
  27. 27.
    Danezis, G., et al.: Privacy and data protection by design-from policy to engineering. arXiv preprint arXiv:1501.03726 (2015)
  28. 28.
    Apache Eagle. Accessed 20 June 2019
  29. 29.
    Apache Atlas. Accessed 20 June 2019
  30. 30.
    Apache Ranger. Accessed 20 June 2019
  31. 31.
    Fischer-Hübner, S., Hedbom, H., Wästlund, E.: Trust and assurance HCI. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds.) Privacy and Identity Management for Life, pp. 245–260. Springer, Heidelberg (2011). Scholar
  32. 32.
    Angulo, J., Fischer-Hübner, S., Pulls, T., Wstlund, E.: Usable transparency with the data track: a tool for visualizing data disclosures. In: Proceedings of the 33rd Annual ACM Conference Extended Abstracts on Human Factors in Computing Systems. ACM (2015)Google Scholar
  33. 33.
    Benghabrit, W., et al.: A cloud accountability policy representation framework. In: Closer (2014)Google Scholar
  34. 34.
    Apache Knox. Accessed 20 June 2019
  35. 35.
    D’Acquisto, G., Domingo-Ferrer, J., Kikiras, P., Torra, V., de Montjoye, Y. A., Bourka, A.: Privacy by design in big data: an overview of privacy enhancing technologies in the era of big data analytics. arXiv preprint arXiv:1512.06000 (2015)
  36. 36.
    Wu, J., Zheng, L.: Research on customer segmentation model by clustering. In: Proceedings of the 7th International Conference on Electronic Commerce. ACM (2005)Google Scholar
  37. 37.
    Cavoukian, A., Chibba, M., Williamson, G., Ferguson, A.: The importance of ABAC: attribute-based access control to big data: privacy and context. Ryerson University, Toronto, Canada, Privacy and Big Data Institute (2015)Google Scholar
  38. 38.
  39. 39.
    Apache Kafka. Accessed 20 June 2019
  40. 40.
    Cattell, R.: Scalable SQL and NoSQL data stores. Acm Sigmod Rec. 39(4), 12–27 (2011)CrossRefGoogle Scholar
  41. 41.
    Yod-Samuel, M., Kung, A.: Methods and tools for GDPR compliance through privacy and data protection engineering. In: IEEE European Symposium on Security and Privacy Workshops (EuroSPW), IEEE 2018, pp. 108–111 (2018)Google Scholar
  42. 42.
    Schneider, G.: Is privacy by construction possible? In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11244, pp. 471–485. Springer, Cham (2018). Scholar
  43. 43.
    Ferrara, P., Fausto, S.: Static analysis for GDPR compliance. In: ITASEC (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Polytechnic School of Tunisia, SERCOMUniversity of CarthageTunisTunisia
  2. 2.Proxym-LabProxym-ITSousseTunisia

Personalised recommendations