Using Ontologies to Model Data Protection Requirements in Workflows

Data protection, currently under the limelight at the European level, is undergoing a long and complex reform that is finally approaching its completion. Consequently, there is an urgent need to customize semantic standards towards the prospective legal framework. The aim of this paper is to provide a bottom-up ontology describing the constituents of data protection domain and its relationships. Our contribution envisions a methodology to highlight the (new) duties of data controllers and foster the transition of IT-based systems, services/tools and businesses to comply with the new General Data Protection Regulation. This structure may serve as the foundation in the design of present and future information systems abiding to data protection legal requirements.