LogoLogo
How to Build Dataspaces?Main IDSA AssetsOther ResourcesManifesto for International Data Spaces
IDS-RAM 4
IDS-RAM 4
  • README
  • Front Matter
    • Front Matter
    • Contributing Projects
  • Introduction
    • 1. Introduction
      • 1.1 Goals of the International Data Spaces
      • 1.2 Purpose and Structure of the Reference Architecture
      • 1.3 Relation to other IDSA assets
  • Context of the International Data Spaces
    • 2. Context of the International Data Spaces
      • 2.1 Data-Driven Business Ecosystems
      • 2.2 Data Sovereignty as a Key Capability
      • 2.3 Data as an Economic Good
      • 2.4 Data Exchange and Data Sharing
      • 2.5 Meaningful data
      • 2.6 Industrial Cloud Platforms
      • 2.7 Big Data and Artificial Intelligence
      • 2.8 The Internet of Things and the Industrial Internet of Things
      • 2.9 Blockchain
      • 2.10 Federated frameworks for data sharing agreements and terms of use
      • 2.11 General Data Protection Regulation
      • 2.12 Contribution of the International Data Spaces to Industry 4.0 and the Data Economy
      • 2.13 Privacy in the connected world
  • Layers of the Reference Architecture Model
    • 3 Layers of the Reference Architecture Model
      • 3.1 Business Layer
        • 3.1.1 Roles in the International Data Spaces
        • 3.1.2 Interaction of Roles
        • 3.1.3 Digital Identities
        • 3.1.4 Usage Contracts
      • 3.2 Functional Layer
      • 3.3 Information Layer
      • 3.4 Process Layer
        • 3.4.1 Onboarding
        • 3.4.2 Data Offering
        • 3.4.3 Contract Negotiation
        • 3.4.4 Exchanging Data
        • 3.4.5 Publishing and using Data Apps
        • 3.4.6 Policy Enforcement
      • 3.5 System Layer
        • 3.5.1 Identity Provider
        • 3.5.2 IDS Connector
        • 3.5.3 App Store and App Ecosystem
        • 3.5.4 Metadata Broker
        • 3.5.5 Clearing House
        • 3.5.6 Vocabulary Hub
  • Perspectives of the Reference Architecture Model
    • 4 Perspectives of the Reference Architecture Model
      • 4.1 Security Perspective
        • 4.1.1 Security Aspects addressed by the different Layers
        • 4.1.2 Identity and Trust Management
        • 4.1.3 Securing the Platform
        • 4.1.4 Securing Applications
        • 4.1.5 Securing Interactions between IDS components
        • 4.1.6 Usage Control
      • 4.2 Certification Perspective
        • 4.2.1 Certification Aspects Addressed by the Different Layers of the IDS-RAM
        • 4.2.2 Roles
        • 4.2.3 Operational Environment Certification
        • 4.2.4 Component Certification
        • 4.2.5 Processes
      • 4.3 Data Governance Perspective
        • 4.3.1 Governance Aspects Addressed by the Different Layers of the IDS-RAM
        • 4.3.2 Data Governance Model
        • 4.3.3 Data as an Economic Good
        • 4.3.4 Data Ownership
        • 4.3.5 Data Sovereignty
        • 4.3.6 Data Quality
        • 4.3.7 Data Provenance
        • 4.3.8 Data Space Instances
        • 4.3.9 IDS Rulebook
        • 4.3.10 Privacy Perspective
        • 4.3.11 Governance for Vocabularies
Powered by GitBook

Links:

  • IDSA Website
  • IDSA Github
  • Legal Notice
  • Privacy Policy

© 2016 – 2025 | All Rights Reserved | International Data Spaces Association

On this page
Edit on GitHub
  1. Context of the International Data Spaces
  2. 2. Context of the International Data Spaces

2.11 General Data Protection Regulation

Last updated 2 years ago

Compliance of an organization with the European Union's General Data Protection Regulation (GDPR) can only be ensured by the implementation of both appropriate technical and organizational measures.

For an organization participating in an IDS based ecosystem, the necessary technical measures for compliance with GDPR are provided by the software by which the IDS-RAM is implemented. However, responsibility and accountability with respect to GDPR compliance remains on the side of the organization itself. This means that the organization has to implement adequate organizational measures for the protection of personal data. This set of measures may be set up on the basis of a risk assessment regarding personal data (processing) and -- if the risk level exceeds a certain threshold -- a data protection impact assessment.

Consequently, the organizations participating and their data processing within an IDS-based ecosystem have to be considered for GDPR compliance. Therefore, it cannot be said in general that IDS-RAM compliance leads to GDPR compliance. Instead, the role of IDS with regard to GDPR compliance is to support the participating organization in the implementation of technical measures and offer advice regarding the implementation of organizational measures. As a result, the IDS participant is enabled to implement appropriate measures for GDPR-compliant processing and transfer of personal data within the scope of the IDS technology and related features (see also: .

GDPR-related Requirements and Recommendations for the IDS Reference Architecture Model