Fast Compliance Checking with General Vocabularies
This work addresses compliance challenges for companies handling personal data under the GDPR, though it is incremental in that it builds on existing OWL2 and reasoning techniques.
The paper tackles the problem of ensuring GDPR compliance for personal data processing on the web. It introduces an extensible OWL2-based language for data protection policies, which enables scalable compliance checking through subsumption queries and IBQ reasoning. Experiments show significant performance improvements.
We address the problem of complying with the GDPR while processing and transferring personal data on the web. For this purpose we introduce an extensible profile of OWL2 for representing data protection policies. With this language, a company's data usage policy can be checked for compliance with data subjects' consent and with a formalized fragment of the GDPR by means of subsumption queries. The outer structure of the policies is restricted in order to make compliance checking highly scalable, as required when processing high-frequency data streams or large data volumes. However, the vocabularies for specifying policy properties can be chosen rather freely from expressive Horn fragments of OWL2. We exploit IBQ reasoning to integrate specialized reasoners for the policy language and the vocabulary's language. Our experiments show that this approach significantly improves performance.