An Ontology-based Framework for International Data Transfer and GDPR Compliance

Research output: Contribution to journalJournal articlepeer-review

Cross-border data transfers and their legal aspects have created a daunting landscape for application and service providers, in which rules and regulations need to be constantly monitored and addressed, especially in dynamic scenarios such as cloud brokerage or cloud/edge continuum operations. Even if regulations such as the General Data Protection Regulation (GDPR) have started to mature and be understood by the IT industry, further complexity has been added by relatively recent court rulings (such as the Schrems II decision) that create new challenges for the IT domain. The latter is heavily oriented towards a fully automated operational environment thus the consideration of the legality of a data transfer is necessary to comply with current regulations. The aim of this work is to semantically model several concepts surrounding international data transfers and based on the current changes and formulate them around a newly defined ontology (CIDaTa). The work exploits 23 existing ontologies, as dictated by the Linked Data paradigm, and introduces 50 links between them. This will aid in answering questions regarding the legality of a transfer or the necessary steps needed to achieve it. Example questions set to the framework are demonstrated that can enhance the understanding of the implications of a data transfer, enabling future additions that can lead to more automated management of these transfers.
Original languageEnglish
JournalInternational Journal of Metadata, Semantics, and Ontology
Number of pages21
Publication statusSubmitted - Feb 2023

ID: 316923519