An Integrated Knowledge Graph to Automate GDPR and PCI DSS Compliance
Loading...
Links to Files
Permanent Link
Author/Creator
Author/Creator ORCID
Date
2018-12-11
Type of Work
Department
Program
Citation of Original Publication
L. Elluri, A. Nagar and K. P. Joshi, "An Integrated Knowledge Graph to Automate GDPR and PCI DSS Compliance," 2018 IEEE International Conference on Big Data (Big Data), Seattle, WA, USA, 2018, pp. 1266-1271, doi: 10.1109/BigData.2018.8622236.
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 2018 IEEE
© 2018 IEEE
Abstract
Big data analytics related to consumer behavior, market analysis, opinions, and recommendation often deal with end user's derived and inferred data, along with the observed data. To ensure consumer data protection, rules defined by the European Union’s General Data Protection Regulation (EU GDPR) must be adhered to by every organization using Personally Identifiable Information (PII) data for Big Data analysis. Similarly, Payment Card Industry Data Security Standard (PCI DSS) has policy guidelines specifically for organizations handling consumer’s payment card data. Both data regulation policies are currently available only in textual format and require significant manual effort to ensure their compliance. We have developed an integrated, semantically rich Knowledge Graph (or Ontology) to represent the rules mandated by both PCI DSS and EU GDPR. In the Ontology, we have also identified the obligations defined in these regulations and related them with corresponding Cloud Security Alliance (CSA) controls. We have validated this Knowledge Graph against the data policies of major vendors that deal with Big Data. This Knowledge Graph that is available in the public domain can be used by Big Data practitioners to automate data protection compliance in their organization.