UPCAST provides a set of universal, trustworthy, transparent and user-friendly data market plugins for the automation of data sharing and processing agreements between businesses, public administrations and citizens. Our plugins will enable actors in the common European data spaces to design and deploy data exchange and trading operations guaranteeing (i) automatic negotiation of agreement terms, (ii) dynamic fair pricing, (ii) improved data-asset discovery, (iii) privacy, commercial and administrative confidentiality requirements, (iv) low environmental footprint, as well as ensuring compliance with (v) relevant legislation and (vi) ethical and responsibility guidelines. UPCAST will support the deployment of Common European data spaces by consolidating mature research in the areas of data management, privacy, monetisation, exchange and automated negotiation, considering efficiency for the environment as well as compliance with EU and national initiatives, AI regulations and ethical procedures. Four real-world pilots across Europe will operationalise a set of working platform plugins for data sharing, monetisation and trading, deployable across a variety of different data marketplaces and platforms, ensuring digital autonomy of data providers, brokers, users and data subjects, and enabling interoperability within European data spaces. UPCAST aims at engaging SMEs, administrations and citizens by providing a transferability framework, best practices and training to endow users in order to deploy the new technologies and maximise impact of the project.

The goal of BPR4GDPR is to provide a holistic framework able to support end-to-end GDPR-compliant intra- and inter-organisational ICT-enabled processes at various scales, while also being generic enough, fulfilling operational requirements covering diverse application domains. To this end, proposed solutions will have a strong semantic foundation and cover the full process lifecycle addressing major challenges and priorities posed by the regulation, including requirements interpretation, broad territorial scope, accountability, security means enforcement, data subject’s rights and consent, unified data view and processing actions inventory, privacy by design, etc. The starting point will be process models, either automatically discovered through organisation logs or manually specified, formally expressed through a Compliance Metamodel, a comprehensive process modelling technology able to capture advanced privacy provisions. Thereupon, a highly expressive policy framework will guide the automatic verification of these models regarding GDPR requirements, and their subsequent transformation, so that they are rendered inherently privacy-aware before being deployed for execution. Subsequently, the consistent execution of GDPR-compliant processes will be ensured by a comprehensive set of tools able to support all diverging requirements that may arise from GDPR, related to data handling, data subjects’ involvement, various PETs, etc., so that even organisations with currently no such infrastructure in place can readily have such mechanisms. Finally, process mining will be extensively used for the ex post analysis of processes, in order to ensure that specified policies are indeed enforced. However, apart from verifying compliance, such techniques will offer the added value of automatically improving process models over time towards optimised fulfillment of both legal and business requirements. Deployed on the Cloud, BPR4GDPR will provide for Compliance-as-a-Service (CaaS)