The SPECIAL-K Personal Data Processing Transparency and Compliance Platform. (arXiv:2001.09461v3 [cs.CR] UPDATED)

The European General Data Protection Regulation (GDPR) brings new challenges
for companies who must ensure they have an appropriate legal basis for
processing personal data and must provide transparency with respect to personal
data processing and sharing within and between organisations. Additionally,
when it comes to consent as a legal basis, companies need to ensure that they
comply with usage constraints specified by data subjects. This paper presents
the policy language and supporting ontologies and vocabularies, developed
within the SPECIAL EU H2020 project, which can be used to represent data usage
policies and data processing and sharing events. We introduce a concrete
transparency and compliance architecture, referred to as SPECIAL-K, that can be
used to automatically verify that data processing and sharing complies with the
data subjects consent. Our evaluation, based on a new compliance benchmark,
shows the efficiency and scalability of the system with increasing number of
events and users.