18003 APE: Automatic Privacy Explorer

Since 2018, every company dealing with European citizen personal data has to build its GDPR registry. Listing all personal data managed every day by the company can be an easy task because processes are well defined and documented, but finding all other data rarely used and stored internally can be a real challenge.

All companies often have some contact details or resumes about Human Resources candidates, documents containing personal data received by email, contact details from meeting attendees, … the list can be very long and varied. Finding all these personal data, checking if they have to appear in the GDPR registry or be deleted is a really big challenge for companies.

That’s where the Automatic Privacy Explorer will help. The goal of the APE project is to design, develop and deploy a software tool-suite to help a company’s Data Protection Officer to explore all their resources (files, spreadsheets, emails, databases …) and identify in all of them which data is personal and has to be listed in the GDPR registry. On the other hand, APE will be able to synchronize a GDPR registry with actual data sources of a company, helping to keep the GDPR registry up-to-date.

Plenty of GDPR tools exist in the market (see market analysis later) but there are certain needs that are not addressed by these products. There is a need for more advanced approaches for discovery, detection and anonymization / de-identification of private personal information especially in unstructured data such as text and voice. Existing methods mainly focus on structured data. However, as estimated by Gartner, 80% of the existing data in enterprises are in unstructured format. Thus, there is an ever-growing need for more advanced tools and services to process unstructured data for GDPR purposes. Even with the structured data, there is still plenty of room for improvement using advanced techniques such as Machine Learning to automate this discovery process or to create a more advanced decision support system for a Data Protection Officer.

Funding: ITEA 3 CALL 5
Project Calendar: 01.01.2020 – 31.12.2022
Project Total Budget: 11.211.01 k€
ARD Budget: 209.00 k€  


Countries & Partners: 

  • TURKEY(ARD Informatics Technologies, Golive Bilisim Hizmetleri Limited Sirketi, Hermes İletişim, Turkcell Teknoloji, VBT Information Technologies, VeriUs Teknoloji Ltd.Şti)
  • ROMANIA (BEIA Consult International)
  • PORTUGAL (EUROTUX Informatica, SA, Polytechnic Institute of Porto, )
  • FRANCE ( Institut Mines-Télécom, MUSE FI, PERTIMM, Softeam, Thales DIS SA, University of Burgundy, University of La Rochelle)
  • KOREA (KOREAa Security Evaluation Laboratory Co.,Ltd.)