Fast Compliance Checking with General Vocabularies

Abstract: We address the problem of complying with the GDPR while processing and transferring personal data on the web. For this purpose we introduce an extensible profile of OWL2 for representing data protection policies. With this language, a company's data usage policy can be checked for compliance with data subjects' consent and with a formalized fragment of the GDPR by means of subsumption queries. The outer structure of the policies is restricted in order to make compliance checking highly scalable, as required when processing high-frequency data streams or large data volumes. However, the vocabularies for specifying policy properties can be chosen rather freely from expressive Horn fragments of OWL2. We exploit IBQ reasoning to integrate specialized reasoners for the policy language and the vocabulary's language. Our experiments show that this approach significantly improves performance.