Professional Documents
Culture Documents
EU - WEST - 1 Prod s3 Ucmdata Evise C - O4683945 - 2610764 PDF
EU - WEST - 1 Prod s3 Ucmdata Evise C - O4683945 - 2610764 PDF
Title Case Study: Blockchain Architecture Deployment for IoT, AI and GDRP
Abstract
There are many experiments around blockchain, but very few case studies in production for permissioned private
blockchains, due to latency and lack of integration with legacy systems. Furthermore, when it comes to integrating
blockchain, IoT, AI with legacy systems, while achieving GDPR data privacy requirements, in a highly critical
environment such as patient control, this is the first blockchain architecture deployed in production worldwide. This
paper describes how a healthcare company, “mHealthAlert”, has deployed in production a blockchain architecture that
addresses the issues above, while achieving GDPR data privacy requirements, integrated with an IoT network and AI
blockchain services.
To view all the submission files, including those not included in the PDF, click on the manuscript title on your EVISE
Homepage, then click 'Download zip file'.
Editor-In-Chief
Computers & Security
Elsevier
Dear Sir/Madam,
I am pleased to submit an original research article entitled “Case Study: Blockchain Architecture
Deployment for IoT, AI and GDRP”, authored by Pilar Santamaria and M. Teresa Villalba for your
consideration for publication in the Computers and Security special issue on “Blockchain and
Cryptocurrencies”.
In this manuscript, we describe how a healthcare company, MHealthAlert, has designed and deployed
in production a blockchain architecture that addresses key issues for private permissioned blockchains:
latency and integration with legacy systems, while achieving GDPR data privacy requirements. Also,
We truly believe that this manuscript is appropriate for publication by Computers & Security, Elsevier,
since this is the first blockchain architecture deployed in production worldwide integrating blockchain
applications, IoT and AI with legacy systems, while achieving GDPR data privacy requirements, in a
This manuscript has not been published and is not under consideration for publication elsewhere. We
have no conflicts of interest to disclose that would affect the decision to publish this manuscript.
Pilar Santamaria
Case Study: Blockchain Architecture Deployment for IoT, AI and GDRP
ABSTRACT
There are many experiments around blockchain, but very few case studies in production for
permissioned private blockchains, due to latency and lack of integration with legacy systems.
Furthermore, when it comes to integrating blockchain, IoT and AI with legacy systems, while
achieving GDPR data privacy requirements, in a highly critical environment such as patient
This paper describes how a healthcare company, “mHealthAlert”, has deployed in production
a blockchain architecture that addresses the issues above, while achieving GDPR data privacy
Keywords
1. Introduction
The nature of the patient care activities requires companies to have a highly secure platform,
compliant with local regulations. Data privacy and more specifically, the compliance with
GDPR, is a critical aspect. They collect patient health data in real time from sensors and they
manage health records. They need to automatize the consent from patients in an immutable
platform for audit purposes. An architecture based on blockchain technology would provide
the immutability needed, but this immutability is challenged by the need to modify records,
according to the GDPR regulation. Another key aspect is how to control how data insights are
information, released to non-authorized parties [1]. The General Data Protection Regulation
(EU) 2016/679 (GDPR) introduces “the right to withdraw consent” (Article 7(3)) and the
“right to be forgotten” (Article17) [2]. The consent is intended to give legitimate permission
to whomever controls the data to store, process or even disseminate personal data for uses
According to the GDPR definition [3], companies and public entities managing personal data,
faced the challenge to deal with data subject´s rights to access, amend or delete their data.
Data subject [4] is defined as natural person whose personal data is processed by a controller
or processor [5]. Failing on attending these requests would revert into a loss of citizen´s rights
and therefore, penalties to the entities holding the data. The aim of GDPR is to protect EU
citizens from privacy and data breaches. The new directive puts extra focus on the rights of
the data subjects and the enforcement for compliance. It also extends liability to third parties,
On the other hand, companies and public entities have the need to know their customers deeper,
in order to predict needs and provide a better service; they need to have access to data from
other legal entities in order to better help their customers, for example, for comparing patient
medical history or for patient monitoring. They also need to custody and process data across
borders, with different regulations. And they need to achieve their business and service
objectives under the GDPR regulation, no matter where they are, as long as they deal with
European citizen´s data. This is one of the key differences GDPR adds: data sovereignty
belongs to the data owner and it does not depend any longer on the data jurisdiction. This means
all data processors must achieve GDPR, even if they are US based, as long as they deal with
European Citizen´s data. Therefore, they need to achieve the content requirements of GDPR.
Consent is defined by GDPR as: “‘consent of the data subject means any freely given, specific,
informed and unambiguous indication of the data subject’s wishes by which he or she, by a
statement or by a clear affirmative action, signifies agreement to the processing of personal
When it comes to Artificial Intelligence (AI), it is key to audit and control which entity is
sending which query and what information is being shared. Not only for the GDPR
requirements mentioned above, but for ethical reasons. Patient´s information is highly sensitive
and also key insights, such as health predictions, must be managed with the highest ethical
standards. For this purpose, it is important to integrate a blockchain immutable system that will
keep information in regards to these types of queries for auditing and control.
In this paper, we describe how MHealthAlert [7] has designed and put into production an
architecture based on blockchain technology for automatized consent in a way that no personal
data was kept in the blockchain after the data owner had asked for data deletion. Also, this
architecture based on blockchain provides Artificial Intelligence (AI) immutable tracking and
control, all integrated with legacy systems in a multicloud and hybrid environment and an
Internet of Things (IoT) network. MHealthAlert has developed patient remote care
automatization and pharmacy processes. They provide retail diabetes and cardiovascular
diseases prevention, chronic remote care management, pharmacy trials and virtual weight
control, according to health thresholds. All these data is collected from an IoT health sensor
network. If a threshold overpasses, their system sends an alarm to the assigned doctor, health
contact centre or caregiver through a mobile or web application. Their artificial intelligence
system provides health alerts based on deep learning predictions from historical and real time
bio-data. Their operations are supported by their headquarters in San Francisco and Madrid,
therefore, they rely in a hybrid cloud environment in order to support patients and doctors
globally.
This paper is structured as following: Section 1 describes the problem statement; Section 2
summarizes the related work; Section 3 explains the architecture implemented, and finally,
The following research treats the GDPR data subject writes and control from a blockchain
perspective, and how this technology has enabled mHealthAlert to resolve the challenges
reflected above. As explained, the key requirement is to store consent transactions in a way
that records will be immutable. Immutability is a basic concept of a blockchain [8], allowing a
ledger to reflect a transaction that cannot be altered, as shown in Error! Reference source not
found..
A transaction can include any type of virtual agreement, order or confirmation. In this paper,
we will treat consent as a virtual transaction in which a data subject agrees to share a virtual
There has been previous works done analysing how blockchain can achieve compliance over
personal data [9] and what the compliance challenges represent. This article [9] explains how
the immutable nature of blockchain is a challenge to address the modification and deletion
rights from GDPR, already explained in Section 1. As shown in Figure 1, once a block is added,
it cannot be deleted, neither changed. The industry is researching ways to create mutability in
blockchain, though no models have been proposed yet. In this paper we propose a solution to
this issue. We will explain how blockchain immutability is maintained, while modification and
deletion rights are kept; this is done through a Pseudonymization Application. No previous
blockchain researches have integrated this type of applications with blockchain before,
reputation distributed systems, focused on online ecommerce platforms [10]. This research
does not address individual´s consent for data sharing, so our research could complement this
On the other hand, there has been work about how decentralized security systems could achieve
higher levels of trust excluding the control by a third party [11]. This study implements a
protocol for access control management in which personal data sharing is the transaction. This
which is one of the issues we resolve. Our paper also complements the paper “Moving Toward
a Blockchain-based Method for the Secure Storage of Patient Records” [12] and “Healthcare
Data Gateways: Found Healthcare Intelligence on Blockchain with Novel Privacy Risk
Control” [13], as we address the specific GDPR requirements and we also add a detailed
Our blockchain solution is a permissioned private blockchain. This type of blockchain has been
selected because it provides better scalability and performance than public blockchains [14].
The performance limitations of some blockchain standards for critical environments have been
recognized in previous works. Blockchains are based on a consensus algorithm “All the nodes
in the blockchain have equal status. These nodes achieve consensus by using the prior
agreement of the rules and following the principle of majority dominance” [15].
This consensus is driven by an algorithm, which in many blockchains [15] is the Byzantine
Consensus Algorithm. The industry is working on improvements to this algorithm, due to low
scalability and latency [16]. Therefore, a latency threshold of 200ms has been set for the
validation of the deployment we are describing here, as this is one of the main constrains for
real blockchain applications. This threshold has been defined by the maximum latency value
before integrating blockchain in the architecture, so that the blockchain implementation will
not impact previous customer experience, in terms of performance. Another key mater is time
“Consensus is a fundamental building block used to solve many practical problems that appear
In this paper [18], the author analyses key traditional vulnerabilities that may impact IoT
environments and how these potential threats can be mitigated using with blockchain smart
contracts technology. As an example, the “Bubles of Trust” system could integrate with the
IoT network. This is possible because the architecture we are describing in this paper has been
designed so that present and future blockchain applications can be added through a business
technology, integrated with an IoT network, Artificial Intelligence and legacy systems. This
case study covers how blockchain can enable GDPR data privacy requirements; as well as
blockchain based audit and control for Data Insights management for Artificial Intelligence
systems, using a comprehensive reference architecture that has been successfully deployed.
As far as we know, none of the previous researches have addressed the following before:
- A reference architecture that can enable to address GDPR controls on data privacy through
consent registration, access registration and access cancelation, led by data owners. This
implies an architecture supporting process flow automatization with a latency validation below
- A reference architecture that provides auditing and control for Data Insights management for
“The conditions for consent have been strengthened, and companies will no longer be able to
use long illegible terms and conditions full of legalese, as the request for consent must be given
in an intelligible and easily accessible form, with the purpose for data processing attached to
that consent. Consent must be clear and distinguishable from other matters and provided in an
intelligible and easily accessible form, using clear and plain language. It must be as easy to
In order to best prepare for compliance, companies and public entities need to change their
centric approach. GDPR gives ownership and data sovereignty to every citizen. It empowers
data owners to decide over their personal digital assets, no matter where these assets are.
Under this new model, blockchain allows each individual data owner to be able to share his/her
personal data in a selective way, with just a double click. It also allows them to access those
assets and to delete them totally or partially. The user interface is simple, easy to access, read
and understand, in order to follow GDPR guidelines (2). Figures 3 and 4 shows screen
shots or the user interface from the Business Process Management Application.
Figures 3 and 4. Intuitive Data owner interface to register, accept, access, modify or delete personal data
Application, the process flow shall be programmed so that data sharing can be initiated
by the data owner, who sends the request to share data. The system must identify it,
extracting the file hash before sharing it. Likewise, the entity with whom the data is being
shared with can initiate this request to the data owner through a web message. This flow
architecture. And this is done with a very simple and intuitive interface, allowing the
consent must be targeted to the individual, who must have access to individual data in a
granular way.
Another core piece of this solution is the Data Integration Software. Data will be collected
and stored both in the public cloud and on-prem. As the blockchain confirms that consent
has been given on a data asset, the Business Process Application will send the request to
store the data. The Data Integration Application will assure the compatibility across the
8
The Business Process Management Application and the Data Integration Application
have been programmed to address the GDPR controls. The legal partner at mHealthAlert
has provided guidance on the GDPR controls needed to be programmed. Based on this,
1. The data owner sends the request for registration through a web interface.
2. The data owner enters identity and other personal profile data. The data owner
reconfirms that he/she authorizes data sharing. This information is sent to the
repository inside the mHealthAlert cloud for farther use for medical services
purposes.
9
5. The Business Process Management Application requests the hash for the data
sharing authorization file for that patient identity. It also sends the
the pseudonymization application. Through this code, the patient identity will be
6. The hash and the pseudonymization applications obtain the profile file from the
on-premises repository.
8. The pseudonym and the hash are sent to the Business Process Management
Application.
9. The Business Process Management Application sends the pseudonym and the
hash to the blockchain API through the Data Integration Application. The
transaction is added as a block in the blockchain after having been processed and
accepted using the Byzantine Fault Tolerance Consensus Algorithm (BFT). The
API is located in a mission critical service level public cloud, where three nodes
are part of the blockchain for the transaction validation using Byzantine Fault
validated and therefore, added to the blockchain as long as 2/3 of the nodes agree.
Transaction = α
10
Figure 6 Message flow across nodes in a Byzantine Fault Tolerant Consensus Algorithm [16]
Based on the majority of agreements, each node validates and inserts the
Block fields are: date, authorization file hash (hash only) and pseudonym.
10. The blockchain receipt is sent to the Data Integration Application, which sends
This model will support the extension to other blockchain communities. Based on future
multichain capabilities, this flow could be set for multichain environments, allowing the
11
Blockchain also enables one of the key changes that GDPR is forcing to implement: data
portability rights. Under this architecture, data owners can select the chain to which they
would like to share their data with. Data authorization can be registered and spammed to
the new entities or communities, while being deleted from the previous ones.
Thanks to this solution, patients can easily share medical records across different legal
entities. This allows medical files sharing at big scale. This use case increases the speed
for treatment, prevents human errors and facilitates a more collaborative approach across
different medical institutions. The patient will benefit from a medical treatment that is
considering all medical history. This avoids duplication of tests, allows evolution
3.3. Architecture
Below we explain in detail the components of the architecture and how they interact:
12
1. The IoT network has different subnetworks. One is dedicated to collect patient´s
data from sensors. Sensors differ from health industry vendor depending on the
purpose. Vendor “AND” collects weight and blood pressure data. “Foracare” is
the provider for glucose and temperature meters. “NONIN” manufactures the
oxygen and pulse meter. They all collect bio-information and send it via Bluetooth
smartphones or wearables. These IoT software agents will collect bio-data and
3. The third IoT subnetwork comprises all the mobile and fixed devices that will
protocols. This is the IoT network from which the users will register and will
4. All IoT devices from the different three networks communicate with the
the Artificial Intelligence Suite. When a new user registers, the mobile application
or the web interface will prompt the user to consent to share private data. As
already explained with all details in point 3.2., the Business Process Management
application will orchestrate the processes, requests and resources needed, so that
the transaction of data sharing is finalized, the blockchain receipt is stored and
13
private data is shared and stored in different legacy systems from the blockchain
community members.
5. The pseudonymization application sorts out is key blockchain issue: consent must
be automatized in a way that no personal data is kept in the blockchain after the
data owner had asked for data deletion. This is the key problem for blockchain
based applications dealing with personal data; they need to keep consent records
immutable, while not keeping any personal data at all in the blockchain. The
generates a pseudonym, providing anonymity to the data owner. It will also send
the pseudonym and the ID to a local data base, in an on premises repository. For
the regulation requirements and control, this data base will be on premises,
assuring European data jurisdiction. The data base update is out of the blockchain
6. As explained in point 3.2., information will be shared and stored in other systems
from the blockchain community, for example, at the hospital´s data centre. When
a doctor accesses patient´s information, the doctor can see patient´s consent, too.
Also, the doctor can get relevant medical information, such as real time bio-data,
statistics, alarms if health thresholds are passed over and profile information. This
Application.
7. The blockchain applications, both for GDPR consent and AI auditing, are based
on another public cloud, mission critical, in order to assure low latency. The
14
blockchain is a key challenge. The architecture shall be validated to assure that
processes programming so that they can track which doctors or medical leads
9. The AI Suite ingests IoT sensor logs streams in real time, transforms and analyses
those using deep learning. A copy of this data is kept in an unstructured repository
in the mHealthAlert Cloud. A visualizer shows real time dashboards that can be
Figure 8 shows how a medical entity can control how alerts are distributed across
doctors’ units. Each unit can have more doctors assigned depending on current
number of alerts and trends. This dashboard is customized by the medical lead.
15
Figure 9 shows how doctors and medical leads can extract data insights from all
the IoT alerts network to understand which are the most common illnesses.
Figure 10 shows how doctors and medical leads can know which are the busiest
and highest risk hours of the day. These insights are extracted from all the IoT
alerts network data, but only the data insights are shared, nit the data sources. It is
shared virtualized through a web browser upon request. Each request (or query)
is kept in the cloud blockchain application for auditing and ethics control
purposes.
16
Figure 10. Alert dashboard by hour
3.4. Performance:
In the introduction, we explained how performance was a key issue, due to the time to
200ms. This threshold was set as the maximum latency value before integrating the
17
The tasks that are related to customer interaction will be the most latency sensitive for
this specific use case. As it is shown in the traces, the latency has an average of 130ms,
Figure 11 also shows that transactions are consistent across all nodes, avoiding
In this paper, we have proposed an architecture that would address GDPR consent based
identity, so that no personal data is kept in the blockchain. The architecture here presented
We have described the data architecture and flow, integrated with the Business Processes
Management Application and the Data Integration Application. How the Data Integration
Also, it had to be integrated with an IoT network of sensors, IoT SW agents and mobile
devices, as well as the data centre and back end services such as AAA, operations,
catalogue and billing. This architecture has been integrated and deployed in a hybrid
cloud environment, integrating two public clouds and the on-premise data centre.
The deployment proves that blockchain provides immutable consent records, which was
a key objective. Another key objective achieved is to keep immutable records of the data
insights queries sent to the AI Suite for ethics and auditing purposes.
18
The defined architecture has been designed in modular way, which will allow multiple
future integrations with other processes and future use cases, described as following.
Data donation for research purposes: described as the “donation” of collective health data
from different patients for research purposes. This means that each patient could decide
to share their health application data based on blockchain with research entities as long
section 2, the architecture we have described in this paper has been designed so that future
Trust” [18] System will complement the architecture, in order to provide blockchain
members, they will have access to valuable information, such as false positives from their
sensors (number of ignored alerts), so that devices can be improved. They will be able to
interact with the AI Suite Cloud and their queries will be registered.
19
Figure 10. Alert dashboard by hour
blockchains, and therefore, different health and/or research communities. This means that
features develop, the proposed architecture in this paper could scale as a common privacy
control cloud platform as-a-service that could enable data owners to keep control of all
their data assets. This would mean creating an abstraction of all data consent across all
entities in a multichain model. This would allow citizens to visualize which different
blockchains (entities) hold their personal data, always using a unique data ID that will
make impossible to identify the real data owner identity. This future development will
20
allow the data owners to take actions on their data from a single application, especially
for deletion purposes. This could be the beginning of “privacy service providers” or a
service that public entities could provide to help citizens to protect their privacy.
5. References
21
9. M. Berberich, M. Steiner. Blockchain Technology and the GDPR - How to
Reconcile Privacy and Distributed Ledgers? . European Data Protection Law
Review, Vol. 2, No. 3. (2016), pp. 422-426, doi:10.21552/edpl/2016/3/21
11. Guy Zyskind ; Oz Nathan ; Alex 'Sandy' Pentland. Decentralizing Privacy: Using
Blockchain to Protect Personal Data. IEEE. 2015 IEEE Security and Privacy
Workshops. 20th July of 2015.
https://ieeexplore.ieee.org/abstract/document/7163223
12. Drew Ivan. Moving Toward a Blockchain-based Method for the Secure Storage
of Patient Records. Official Website of The Office of the National Coordinator
for Health Information Technology (ONC), USA. August 2016.
https://www.healthit.gov/sites/default/files/9-16-
drew_ivan_20160804_blockchain_for_healthcare_final.pdf
13. Yue, X., Wang, H., Jin, D. et al. J Healthcare Data Gateways: Found Healthcare
Intelligence on Blockchain with Novel Privacy Risk Control. Journal of Medical
Systems. Med Syst (2016) 40: 218. https://doi.org/10.1007/s10916-016-0574-6
14. Tien Tuan Anh Dinh, Ji Wang, Gang Chen Zhejiang, Rui Liu, Beng Chin Ooi,
Kian-Lee Tan. Blockbench: A Framework for Analyzing Private Blockchains.
SIGMOD '17 Proceedings of the 2017 ACM International Conference on
Management of Data. Pages 1085-1100. Chicago, Illinois, USA — May 14 - 19,
2017 https://dl.acm.org/citation.cfm?id=3064033
15. Du Mingxiao ; Ma Xiaofeng ; Zhang Zhe ; Wang Xiangwei ; Chen Qijun. A review
on consensus algorithm of blockchain. 2017 IEEE International Conference on
Systems, Man, and Cybernetics (SMC) 01 December 2017
https://ieeexplore.ieee.org/abstract/document/8123011
16. Guy Golan Gueta (VMware Research) Ittai Abraham (VMware Research), Shelly
Grossman (TAU) Dahlia Malkhi (VMware Research) Benny Pinkas (BIU),
Michael K. Reiter (UNC-Chapel Hill) Dragos-Adrian Seredinschi (EPFL), Orr
Tamir (TAU) Alin Tomescu (MIT). SBFT: a Scalable Decentralized Trust
Infrastructure for Blockchains. journal={CoRR}, year={2018},
volume={abs/1804.01626} https://arxiv.org/pdf/1804.01626.pdf
17. Alchieri E.A.P., Bessani A.N., da Silva Fraga J., Greve F. (2008) Byzantine
Consensus with Unknown Participants. In: Baker T.P., Bui A., Tixeuil S. (eds)
22
Principles of Distributed Systems. OPODIS 2008. Lecture Notes in Computer
Science, vol 5401. Springer, Berlin, Heidelberg.
https://link.springer.com/chapter/10.1007/978-3-540-92221-6_4
18. Mohamed Tahar Hammi, Badis Hammi, Patrick Bellot, Ahmed Serhrouchni,
Bubbles of Trust: a decentralized Blockchain-based authentication system for IoT.
Computers & Security, Volume 78, September 2018, Pages 126-142.
23
BRIEF BIO
M. TERESA VILLALBA received her degree in Mathematics in 1996 and her master' degree in
Computer Science in 1998 from the Universidad Complutense de Madrid, Spain. She holds a PhD
in Computer Sciences with special mention to the best dissertation from Universidad de Alcalá,
Madrid. She is an associate professor in Languages and computer systems since 2014 at
Universidad Europea de Madrid (UEM) belonging to Laureate Network Universities based on
Baltimore where she works since 2002. There she has developed different facets both in the
areas of research and management, and teaching with 15 years of experience teaching in the
computer and telecommunications degrees (bilingual), as well as in the research subjects of the
Doctorate Program of Multidisciplinary Engineering and in different master's degrees, in
addition to supervising doctoral theses in the doctoral program in Education, as well as in
Computer Engineering. In her teaching training she has intervened in more than 20 congresses
of teaching innovation and has attended more than 60 pedagogical training courses, teaching
pedagogical training to other teachers. She has been academic director of the Engineering
School (2010-2012) depending directly on the School's Director and defining the online
academic and pedagogical model, which earned her the European University's quality award in
2011 with the proposal "Improving training" offered to our students through the design of new
learning formats. " She has been a postgraduate director since 2007. She is also part of the panel
of experts of the Madrimasd Foundation (Autonomous government of Madrid Education Board)
for the accreditation of Higher Education degrees (since 2015). Currently she is senior researcher
of the School of Research and Doctoral studies in charge of a multidisciplinary research group in
Educational Technology. Her areas of research are information security and technology applied
to education. Among her research interests are how educational technology can support people
with educational special needs. She collaborates with Plena Inclusion (main organization
representing the interests of people with intellectual or developmental disabilities) since 2014,
and has led several research projects in collaboration with them to help kids and youngers, with
intellectual or developmental disabilities, to learn through mobile e-learning and gamification.
The app was finalist in the Telecommunications innovation awards for the best social solution
of Vodafone Telecom Spain. In addition, she has led 4 ERASMUS+ projects about Technology
applied to education, and has participated and led other more than 25 national and international
research projects. She has published more than 60 research papers, conference papers and
books. She has obtained different awards: the best thesis of her promotion, the best research
in ICT Security in Spain in 2011 by Red Seguridad, the best teacher in the 2011-12 academic year
and the quality award for the definition of the online model of Personal University, and has
received the awards Cisco Instructor Excellence Award 2012 and Microsoft Innovative Educator
Expert for the second year in a row (2016, 2017). Lately, she has received the David A. Wilson
Award for Excellence for Research in Teaching and Learning in Higher Education (2018) which
recognizes the trajectory of faculty members in the field of excellence and innovation in higher
education teaching and learning by conferring an award in the form of a research grant (research
project: Digital Transformation of Higher Education: Assessment Framework for Improvement
of Digital Skills). Moreover, this last year, one of her supervised theses has received the prize for
the best research in privacy by the Spanish Agency for Data Protection (Spain Government,
2018). Since 2015, she has been the Spanish representative of the Legal & Security Issues Task
Force at CEPIS (Council of the European Professional Informatics Society) based in Brussels.
PILAR SANTAMARIA BIOGRAPHY SUMMARY
Pilar Santamaria is the VP Innovation EMEA and CTO for Dell Technologies.
She is also an Associate Professor at the European University of Madrid, since 2008.
Director of researches and key speaker at international events.
She is a bachelor in Computer and Science, MBA by University of Navarra and PhD, (all
but dissertation) at the European University of Madrid, in “Control Systems applied to
healthcare, Computer and Science department”.
She is also “Cloud Expert” at the European Commission, Board Member for Innovation
at the Spanish Computer Science Engineers Association.
She previously has held executive roles at Microsoft and Cisco. Former Director Cloud
and Enterprise at Microsoft Spain and Head of SaaS at Cisco, Worldwide.