@inproceedings{33e84e7cd4cb43cb8028c778a22ef777,
title = "A provenance model for the european union general data protection regulation",
abstract = "The European Union (EU) General Data Protection Regulation (GDPR) has expanded data privacy regulations regarding personal data for over half a billion EU citizens. Given the regulation{\textquoteright}s effectively global scope and its significant penalties for non-compliance, systems that store or process personal data in increasingly complex workflows will need to demonstrate how data were generated and used. In this paper, we analyze the GDPR text to explicitly identify a set of central challenges for GDPR compliance for which data provenance is applicable; we introduce a data provenance model for representing GDPR workflows; and we present design patterns that demonstrate how data provenance can be used realistically to help in verifying GDPR compliance. We also discuss open questions about what will be practically necessary for a provenance-driven system to be suitable under the GDPR.",
keywords = "Compliance, Data processing, Data provenance, Data usage, GDPR, General Data Protection Regulation, Modeling, W3C PROV-DM",
author = "Ujcich, {Benjamin E.} and Adam Bates and Sanders, {William H.}",
note = "Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2018.; 7th International Provenance and Annotation Workshop, IPAW 2018 ; Conference date: 09-07-2018 Through 10-07-2018",
year = "2018",
doi = "10.1007/978-3-319-98379-0_4",
language = "English (US)",
isbn = "9783319983783",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer",
pages = "45--57",
editor = "Khalid Belhajjame and Ashish Gehani and Pinar Alper",
booktitle = "Provenance and Annotation of Data and Processes - 7th International Provenance and Annotation Workshop, IPAW 2018, Proceedings",
address = "Germany",
}