CY · AI · Jan 24, 2020

Machine Understandable Policies and GDPR Compliance Checking

arXiv:2001.08930v151 citations
AI Analysis

This work addresses the need for automated compliance verification under GDPR, which is crucial for organizations handling personal data in the EU, representing a domain-specific incremental improvement.

The paper tackles the problem of ensuring GDPR compliance in data processing by developing a policy language and automated compliance checking tools, enabling data controllers and processors to verify that personal data handling aligns with consent and regulatory obligations.

The European General Data Protection Regulation (GDPR) calls for technical and organizational measures to support its implementation. Towards this end, the SPECIAL H2020 project aims to provide a set of tools that can be used by data controllers and processors to automatically check if personal data processing and sharing complies with the obligations set forth in the GDPR. The primary contributions of the project include: (i) a policy language that can be used to express consent, business policies, and regulatory obligations; and (ii) two different approaches to automated compliance checking that can be used to demonstrate that data processing performed by data controllers / processors complies with consent provided by data subjects, and business processes comply with regulatory obligations set forth in the GDPR.
