The European General Data Protection Regulation (GDPR) brings new challenges for companies, which must ensure that they have an appropriate legal basis for processing personal data and must provide transparency with respect to personal data processing and sharing within and between organisations. Additionally, when consent is the legal basis, companies need to ensure that they comply with the usage constraints specified by data subjects. This paper presents the policy language and supporting ontologies and vocabularies, developed within the SPECIAL EU H2020 project, which can be used to represent data usage policies as well as data processing and sharing events. We introduce a concrete transparency and compliance architecture, referred to as SPECIAL-K, that can be used to automatically verify that data processing and sharing complies with the data subjects' consent. Our evaluation, based on a new compliance benchmark, shows the efficiency and scalability of the system with an increasing number of events and users.
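To make the compliance check described in the abstract concrete, here is an added Python illustration (not code from the paper or the SPECIAL project). It models a data subject's consent as a set of simple policies (data category, purpose, recipient), models logged processing and sharing events with the same attributes, and flags every event that no consented policy covers. The taxonomy, category names, users and events are all constructed for the example; a real deployment would draw the terms from the project's vocabularies and derive subsumption from the ontologies rather than from this hand-written parent map.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed toy taxonomies (hypothetical names, not the SPECIAL vocabularies).
# Each term maps to its parent; roots map to None.
TAXONOMY: Dict[str, Optional[str]] = {
    "AnyData": None, "Contact": "AnyData", "Email": "Contact", "Location": "AnyData",
    "AnyPurpose": None, "ServiceDelivery": "AnyPurpose", "Analytics": "AnyPurpose",
    "Marketing": "AnyPurpose",
    "AnyRecipient": None, "Ours": "AnyRecipient", "ThirdParty": "AnyRecipient",
    "AdNetwork": "ThirdParty",
}


def subsumed_by(term: str, ancestor: str) -> bool:
    """True if `term` equals `ancestor` or lies below it in the taxonomy.
    Unknown terms are never subsumed, so an unvocabularied event is a violation."""
    current: Optional[str] = term
    while current is not None:
        if current == ancestor:
            return True
        current = TAXONOMY.get(current)
    return False


@dataclass(frozen=True)
class SimplePolicy:
    """One disjunct of a consent: the data, purpose and recipient it allows."""
    data: str
    purpose: str
    recipient: str


@dataclass(frozen=True)
class Event:
    """A logged processing or sharing event, attributed to a data subject."""
    user: str
    data: str
    purpose: str
    recipient: str


def event_complies(event: Event, consent: List[SimplePolicy]) -> bool:
    """An event complies when at least one consented policy covers it on every attribute."""
    return any(
        subsumed_by(event.data, p.data)
        and subsumed_by(event.purpose, p.purpose)
        and subsumed_by(event.recipient, p.recipient)
        for p in consent
    )


def find_violations(events: List[Event], consents: Dict[str, List[SimplePolicy]]) -> List[Event]:
    """Return the events not covered by the acting user's consent (no consent -> violation)."""
    return [e for e in events if not event_complies(e, consents.get(e.user, []))]


# Constructed sample data: alice consented to two policies, bob gave no consent.
SAMPLE_CONSENTS: Dict[str, List[SimplePolicy]] = {
    "alice": [
        SimplePolicy("Contact", "ServiceDelivery", "Ours"),
        SimplePolicy("Location", "Analytics", "Ours"),
    ],
}
SAMPLE_EVENTS: List[Event] = [
    Event("alice", "Email", "ServiceDelivery", "Ours"),     # Email < Contact: compliant
    Event("alice", "Location", "Marketing", "AdNetwork"),  # purpose and recipient not consented
    Event("bob", "Contact", "ServiceDelivery", "Ours"),    # no consent on record
]

if __name__ == "__main__":
    for violation in find_violations(SAMPLE_EVENTS, SAMPLE_CONSENTS):
        print("VIOLATION:", violation)
```

The core operation is subsumption: an event is compliant only if each of its attributes sits at or below the corresponding attribute of some policy the subject agreed to. Checking events one at a time this way is linear in the number of events times the size of the consent, which is the shape of workload the paper's benchmark scales along the event and user dimensions.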