Developed Framework Based on Cognitive Computing to Support Personal Data Protection Under the GDPR

  • Soraya SedkaouiEmail author
  • Dana Simian
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1126)


The General Data Protection Regulation (GDPR) has entered into force in the European Union (EU) since 25 May 2018 in order to satisfy present difficulties related to private information protection. This regulation involves significant structural for companies, but also stricter requirements for personal data collection, management, and protection. In this context, companies need to create smart solutions to allow them to comply with the GDPR and build a feeling of confidence in order to map all their personal data. In these conditions, cognitive computing could be able to assist companies extract, protect and anonymize sensitive structured and unstructured data. Therefore, this article proposes a framework that can serve as an approach or guidance for companies that use cognitive computing methods to meet GDPR requirements. The goal of this work is to examine the smart system as a data processing and data protection solution to contribute to GDPR compliance.


GDRP Data protection Cognitive computing Data processing Framework 



This research was realized under the “Eugen Ionescu” fellowship program, supported by “Agence Universitaire de Francophonie” (AUF) in Romania. The AUF team played no role in the writing of this article, or the decision to submit it for MDIS 2019 conference.

Conflict of Interest

The authors declare no conflict of interest.


  1. 1.
    Storr, C., Storr, P.: Internet of things: right to data from a European perspective. In: Corrales, M., Fenwick, M., Forgó, N. (eds.) New Technology, Big Data and the Law. PLBI, pp. 65–96. Springer, Singapore (2017). Scholar
  2. 2.
    Tikkinen-Piri, C., Rohunen, A., Markula, J.: EU general data protection regulation: changes and implications for personal data collecting companies. Comput. Law Secur. Rev. 34(1), 134–153 (2018)CrossRefGoogle Scholar
  3. 3.
    Voigt, P., von dem Bussche, A.: The EU General Data Protection Regulation (GDPR). Springer, Cham (2017). Scholar
  4. 4.
    Becker, J., Knackstedt, R., Braeuer, S., Heddier, M.: Integrating regulatory requirements into information systems design and implementation. In: 35th International Conference on Information Systems “Building a Better World Through Information Systems”, ICIS 2014 (2014)Google Scholar
  5. 5.
    Sedkaoui, S., Gottinger, H-W.: The internet, data analytics and big data Chap. 8. In: Gottinger, H.W. (eds.) Internet Economics: Models, Mechanisms and Management, pp. 144–166. eBook Bentham Science Publishers, Sharjah (2017)Google Scholar
  6. 6.
    Mayer-Schonberger, V., Cukier, K.: Big Data: A Revolution That Will Transform How We Live, Work and Think. Houghton Mifflin Harcourt, Boston (2013)Google Scholar
  7. 7.
    Malatras, A., Aanchez, I., Beslay, L., et al.: Pan-European personal data breaches: mapping of current practices and recommendations to facilitate cooperation among data protection authorities. Comput. Law Secur. Rev. 33, 458–469 (2017)CrossRefGoogle Scholar
  8. 8.
    Tankard, C.: What the GDPR means for businesses. Netw. Secur. 6, 5–8 (2016)CrossRefGoogle Scholar
  9. 9.
    Auwermeulen, B.V.: How to attribute the right to data probability in the Europe: a comparative analysis of legislations. Comput. Law Secur. Rev. 33(1), 57–72 (2017)CrossRefGoogle Scholar
  10. 10.
    Data Protection Working Party, Article 29: Opinion 8/2014 on the on Recent Developments on the Internet of Things, WP 223, 16 September 2014Google Scholar
  11. 11.
    Mitrou, L.: Data Protection, Artificial Intelligence and Cognitive Services: Is the general data protection regulation (GDPR) “artificial intelligence-proof”? (2019).
  12. 12.
  13. 13.
    Sedkaoui, S.: Data Analytics and Big Data. ISTE-Wiley, London (2018)CrossRefGoogle Scholar
  14. 14.
    General Data Protection Regulation (EU) (2016).
  15. 15.
    Robol, M., Salnitri, M., Giorgini, P.: Toward GDPR-compliant socio-technical systems: modeling language and reasoning framework. In: Poels, G., Gailly, F., Serral Asensio, E., Snoeck, M. (eds.) PoEM 2017. LNBIP, vol. 305, pp. 236–250. Springer, Cham (2017). Scholar
  16. 16.
    Schwartz, P., Solove, D.: Reconciling personal information in the United States and European Union. Calif. Law Rev. 102, 877–916 (2014)Google Scholar
  17. 17.
    Zerlang, J.: GDPR: a milestone in convergence for cybersecurity and compliance. Netw. Secur. 6, 8–11 (2017)CrossRefGoogle Scholar
  18. 18.
    Earley, S.: Executive roundtable series: machine learning and cognitive computing. IT Prof. 17(4), 56–60 (2015)CrossRefGoogle Scholar
  19. 19.
    TechTarget: Cognitive Computing (2017).
  20. 20.
    Watson, H.: The cognitive decision-support generation. Bus. Intell. J. 22(2), 5–14 (2017)Google Scholar
  21. 21.
    Demirkan, H., Earley, S., Harmon, R.: Cognitive computing. IT professional 19(4), 16–20 (2017)CrossRefGoogle Scholar
  22. 22.
    Hurwitz, J., Kaufman, M., Bowles, A.: Cognitive Computing and Big Data Analytics. Wiley, Hoboken (2015)Google Scholar
  23. 23.
    Coccoli, M., Maresca, P.: Adopting cognitive computing solutions in healthcare. J. e-Learn. Knowl. Soc. 14(1) (2018)Google Scholar
  24. 24.
    Williams, H.: IBM pushes cognitive computing & data-driven solutions ahead of GDPR (2017).
  25. 25.
    Gupta, S., Kumar, A.K., Baabdullah, A., Al-Khowaiter, W.A.A.: Big data with cognitive computing: a review for the future. Int. J. Inf. Manage. 42, 78–89 (2018)CrossRefGoogle Scholar
  26. 26.
    Alert Logic Report: GDPR Compliance in the EU (2017).
  27. 27.
  28. 28.
    Hoepman, J.-H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 446–459. Springer, Heidelberg (2014). Scholar
  29. 29.
    Angelopoulos, K., Diamantopoulou, V., Mouratidis, H., Pavlidis, M.: A metamodel for GDPR-based privacy level agreements. In: ER Forum/Demos (2017)Google Scholar
  30. 30.
    Furey, E., Blue, J.: Alexa, emotions, privacy and GDPR. In: Proceedings of the 32nd International BCS Human Computer Interaction Conference (HCI 2018), Belfast, UK (2018)Google Scholar
  31. 31.
    Gan, M.F., Chua, H.N., Wong, S.F.: Personal data protection act enforcement with PETs adoption: an exploratory study on employees’ working process change. In: Kim, K.J., Kim, H., Baek, N. (eds.) ICITS 2017. LNEE, vol. 450, pp. 193–202. Springer, Singapore (2018). Scholar
  32. 32.
    Karie, N.-M., Kebande, V.-R., Venter, H.S.: Diverging deep learning cognitive computing techniques into cyber forensics. Forensic Sci. Int. Synerg. 1, 61–67 (2019)CrossRefGoogle Scholar
  33. 33.
    DLA Piper Data Protection.
  34. 34.
    Falagas, M.E., Pitsouni, E.I., Malietzis, G.A., Pappas, G.: Comparison of PubMed, Scopus, web of science, and Google scholar: strengths and weaknesses. FASEB J. 22(2), 338–342 (2008). Official Publication of the Federation of American Societies for Experimental BiologyCrossRefGoogle Scholar
  35. 35.
    EU Parliament: Home Page of EU GDPR (2017).
  36. 36.
  37. 37.
    Information Commissioner’s Office: Preparing for the General Data Protection Regulation (GDPR): 12 Steps to Take Now (2018).
  38. 38.
    Data Protection Network: GDPR Data Retention Quick Guide (2017).
  39. 39.
    Gantner, J., Demetz, L., Maier, R.: All you need is trust: an analysis of trust measures communicated by cloud providers. In: Debruyne, C., et al. (eds.) OTM 2015. LNCS, pp. 557–574. Springer, Cham (2015). Scholar
  40. 40.
    Sedkaoui, S., Khelfaoui, M.: Understand, develop and enhance the learning process with big data. Inf. Discov. Deliv. 47(1), 2–16 (2019)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Department of EconomicsUniversity of Khemis MilianaKhemis MilianaAlgeria
  2. 2.Department of Mathematics and InformaticsLucian Blaga UniversitySibiuRomania

Personalised recommendations