OECD-Driven Operational Risk Management for Personal Data Safeguarding
Abstract
The article examines the OECD's "Guidelines for the Protection of Privacy and Transborder Flows of Personal Data" and proposes a model that incorporates their recommendations to evaluate and improve compliance with data protection regulations. Using the Object-Role Modeling (ORM) methodology, the study develops a detailed representation of the relationships and constraints between entities such as Data Controller and Personal Data, emphasizing transparency, accountability, and interoperability. Finally, it suggests transforming the ORM model into first-order logic to enhance formal analysis and automate reasoning. The article highlights the benefits in terms of clarity, precision, and the identification of inconsistencies, with the aim of strengthening the privacy and security of personal data.