Data Protection as a Service
The EU General Data Protection Regulation (GDPR) requires website and blog owners to comply with data protection law. To achieve this at all, operators need comprehensive technical and legal knowledge: they must understand the technology they operate in order to identify risks to fundamental rights, and they must be able to select, configure and operate that technology competently in order to prevent violations of data subjects’ rights.
In the past, knowledge uncertainties have led to small websites and blogs being shut down on a massive scale. This became known as “website dying”. The consequences are serious, and not only for the website owners themselves. If websites are not set up in accordance with data protection regulations, the fundamental rights of data subjects will be at risk, mainly due to a lack of competence on the part of data controllers.
In this research project we are developing, together with several research partners, solutions that help website owners to overcome their knowledge uncertainties. By specifying GDPR provisions regarding the operation of websites, we create certification criteria that determine how website owners should operate their website or blog in accordance with the GDPR.
Building on this, the basic research project will be extended to other areas relevant to data protection law beyond website hosting. In parallel, the economic implications of these mechanisms will be researched, with the project ultimately contributing to standardisation in the data protection field and pushing the state of the art in technical and organisational protection measures.