Paper Title
A Semantic Rule-Based Approach for Software Privacy by Design
Abstract
Information system business is currently witnessing an increasing demand for system conformance with the
international regime of GRC Governance, Risk and Compliance. Among different compliance approaches, data protection
and privacy laws plays a key role. In this paper, we propose a compliance requirement analysis method from early stages of
system modelling based on a semantically-rich model, where a mapping can be established from data protection and privacy
requirements defined by laws and regulations to system business goals and contexts. The early consideration of requirements
satisfies Privacy by Design, a key concept in General Data Protection Regulation 2012. The proposed semantic model
consists of a number of ontologies each corresponding to a knowledge component within the developed framework of our
approach. Each ontology is a thesaurus of concepts in the compliance related to system along with relationships and rules
between these concepts that encompass the domain knowledge. The main contribution of the work presented in this paper is
the ontology-based compliance framework that demonstrates how description-logic reasoning techniques can be used to
simulate legal reasoning requirements employed by legal professions against the description of each ontology.
Keywords - Ontology, Compliance, Risk Analysis, Data Protection, Security, Privacy by Design, Requirement Engineering