An application of Semantic Web Technologies to GDPR compliance of University Processes and Personal Data processing

Tracking #: 2652-3866

This paper is currently under review
Beniamino Di Martino
Pasquale Cantiello
Luigi Colucci Cante
Alfonso Diana
Antonio Esposito
Mariangela Graziano
Michele Mastroianni

Responsible editor: Guest Editors ST 4 Data and Algorithmic Governance 2020

Submission type: Full Paper
The recent GDPR regulations have had a huge impact on higher education and research institutions, especially where personal data from students or other subjects are involved. This has led to a profound review of administrative processes and research protocols, and to the need for automatic means of verifying the conformity of existing processes to current regulations. Many institutions are trying to formalize their internal processes and protocols using standard formalisms, BPMN being the main formalism adopted. By developing semantic models that enable the annotation of such formally described processes, it is possible to define logical rules that verify their conformity with the GDPR regulations. In this paper, we provide a semantic model for the description of GDPR concepts, together with a semantic meta-model containing concepts used to describe the structural elements of the analysed BPMN models and to annotate them with concepts from the domain in which the business process itself operates. We then define conformity rules to apply to the annotated BPMN to validate it. A use case, drawn from processes developed within an Italian university, is described to demonstrate the applicability of the approach.
Under Review