Real-Time Enterprise System Compliance Auditing with GDPR

Starting Date: June 2018
Duration: 8-10weeks
Time commitment: 20h/week
Prerequisites: Second Year

Data compliance audit is a comprehensive review of an organization’s adherence to regulatory guidelines. Traditionally, security or IT consultants evaluate the strength and thoroughness of compliance preparations – usually carried out once a year. With the enforcement of GDPR upon us, a real-time view of compliance could safe an organisation a substantial penalty (4% of Global Revenue or 20million – whichever is higher). The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

To collect the evidence of activities in an enterprise, we have used data-provenance based frameworks previously. Data Provenance refers to records of the inputs, entities, systems, and process that influence data of interest, providing a historical record of the data and its origins. To provide a holistic view of the data provenance in an enterprise system, the provenance records of the activities carried out on a database, database server and client workstation are collected and processed.

Based on the activities artefacts collected as data provenance, this project aims to assess the activities captured by the data provenance are in compliance with the organisational data governance policies including GDPR.

The student should have an interest in and willingness to learn basic data provenance would have prior knowledge of basic MySQL and/or Mongo (No-SQL databases). Ideally, would be familiar with C, C# and/or Java programming languages. Good time-management and strong writing skills.  We would use git and latex to write up the results; prior experience of these tools would be helpful but not required. Even if you do not have the right skills as listed above but you consider yourself dedicated, passionate, hardworking and willing to learn new skills, we would like to hear from you.

It is intended that once the implementation is working it can be used for practical trials, and we would anticipate a potential conference paper may be submitted for publication based on the implementation and subsequent trials; the respective student would be a co-author of this paper.

As part of the project, you will work with an experienced and dedicated team of researchers who encourage innovative thinking and students taking ownership. You will be given necessary support throughout the project period with regular meetings, blackboard sessions, and guidance on how to carry out research effectively. This project is part of a much larger EPSRC funded project, so you would have an opportunity to work and contribute to a research project with real-world significance and impact. In previous year’s projects, a student was co-inventor on the generated patent application from the respective UROP project and also a co-author on the related research paper.