Proceedings of the
35th European Safety and Reliability Conference (ESREL2025) and
the 33rd Society for Risk Analysis Europe Conference (SRA-E 2025)
15 – 19 June 2025, Stavanger, Norway
Ensuring Personal Data Compliance by integrating Legal Constraints into Digital Twin Design Methodology
1Lab-STICC SHAKER, Université Bretagne Sud.
2Lab LEX, Université Bretagne Sud.
ABSTRACT
Advancements of digital twin technology have brought new use cases involving the presence of personal data. Considering the importance of this data, ensuring compliance towards the applicable legislation is mandatory. Through European provisions and especially the GDPR, this study aims to point out the various legal implications linked to the presence of personal data in the digital twin. Ensuring that processing operations comply with European regulations is not only a necessity, but also a key factor in risk management. In this paper, we propose an innovative approach where these constraints are formalized and integrated into an existing design methodology for digital twins. This study focuses on industrial digital twins in connection with maintenance operations.
When used for maintenance purposes, the use of a digital twin necessarily implies data sharing. These data flows must be considered and anticipated right from the design stage. It is necessary to conform to a framework that is comprehensible and accessible to its designers, to respect the binding rules linked to data processing in the architecture of the digital twin. To achieve a complete result towards compliance that is adapted to the specific use of the industrial digital twin, three steps will be discussed.
Firstly, the legal constraints must be identified directly from the use cases of digital twin technology. Secondly, the provisions of the GDPR are taken as a starting point to propose concrete measures that can be integrated when designing digital twins (record of processing activities, Data Protection Impact Assessment or DPIA, erasing policy). Finally, all these compliance operations will be brought together in a proposed methodology directly applicable to the design of digital twins. The design of this methodological framework represents an innovation in the field of digital twins : to ensure compliance with European standards, provide a framework for its design, and raise awareness among stakeholders designing digital twins.
Keywords: Digital twin, Design methodology, Compliance, Personal data, European legislation.
