Protecting Information Systems (IS) relies traditionally on security risk analysis methods. Designed for well-perimetrised environments, these methods rely on a systematic identification of threats and vulnerabilities to identify efficient control-centered protection countermeasures. Unfortunately, this does not fit security challenges carried out by the opened and agile organizations provided by the Social, Mobile, big data Analytics, Cloud and Internet of Things (SMACIT) environment. Due to their inherently collaborative and distributed organization, such multi-tenancy systems require the integration of contextual vulnerabilities, depending on the a priori unknown way of using, storing and exchanging data in opened cloud environment. Moreover, as data can be associated to multiple copies, different protection requirements can be set for each of these copies, which may lead the initial data owner lose control on the data protection. To overcome these limits, we propose a Data centered Usage based Protection model relying on an IS description model to set a consistent protection for data assets. Protection means are defined according to both organizational and technical risks. To this end, we propose a GDPR compliant security and extended usage ontology which is used to define usage-control assertions coupling usage rights to security countermeasures so that data assets can be efficiently protected according to both organizational and technical dimensions. Thanks to a Blockchain-based usage control, our Data centered and Usage based Protection architecture also allows tracking the way assets are used so their life-long protection can be checked.