An Integrated Knowledge Graph to Automate GDPR and PCI DSS Compliance
Links to Fileshttps://ieeexplore.ieee.org/document/8622236
MetadataShow full item record
Type of Work6 pages
conference papers and proceedings preprints
Citation of Original PublicationL. Elluri, A. Nagar and K. P. Joshi, "An Integrated Knowledge Graph to Automate GDPR and PCI DSS Compliance," 2018 IEEE International Conference on Big Data (Big Data), Seattle, WA, USA, 2018, pp. 1266-1271, doi: 10.1109/BigData.2018.8622236.
RightsThis item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 2018 IEEE
General Data Protection Regulation
UMBC Ebiquity Research Group
Big data analytics related to consumer behavior, market analysis, opinions, and recommendation often deal with end user's derived and inferred data, along with the observed data. To ensure consumer data protection, rules defined by the European Union’s General Data Protection Regulation (EU GDPR) must be adhered to by every organization using Personally Identifiable Information (PII) data for Big Data analysis. Similarly, Payment Card Industry Data Security Standard (PCI DSS) has policy guidelines specifically for organizations handling consumer’s payment card data. Both data regulation policies are currently available only in textual format and require significant manual effort to ensure their compliance. We have developed an integrated, semantically rich Knowledge Graph (or Ontology) to represent the rules mandated by both PCI DSS and EU GDPR. In the Ontology, we have also identified the obligations defined in these regulations and related them with corresponding Cloud Security Alliance (CSA) controls. We have validated this Knowledge Graph against the data policies of major vendors that deal with Big Data. This Knowledge Graph that is available in the public domain can be used by Big Data practitioners to automate data protection compliance in their organization.