How to Improve the GDPR Compliance through Consent Management and Access Control

Said Daoudagh; Eda Marchetti; Vincenzo Savarino; Roberto Di Bernardo; Marco Alessi

How to Improve the GDPR Compliance through Consent Management and Access Control

Said Daoudagh, Eda Marchetti, Vincenzo Savarino, Roberto Di Bernardo, Marco Alessi

Published: 01 Jan 2021, Last Modified: 07 Apr 2025ICISSP 2021EveryoneRevisionsBibTeXCC BY-SA 4.0

Abstract: This paper presents a privacy-by-design solution based on Consent Manager (CM) and Access Control (AC) to aid organizations to comply with the GDPR. The idea is to start from the GDPR’s text, transform it into a machine-readable format through a given CM, and then convert the obtained outcome to a set of enforceable Access Control Policies (ACPs). As a result, we have defined a layered architecture that makes any given system privacy-aware, i.e., systems that are compliant by-design with the GDPR. Furthermore, we have provided a proof-of-concept by integrating a Consent Manager coming from an industrial context and an AC Manager coming from academia.

Loading