An Ontology Capturing the Interdependence of the General Data Protection Regulation (GDPR) and Information Security

Melisa Geko, S. Tjoa
Proceedings of the Central European Cybersecurity Conference 2018. Published 2018-11-15. DOI: 10.1145/3277570.3277590 (https://doi.org/10.1145/3277570.3277590)
Citations: 9

Abstract

High returns for processing personal data and low penalties for privacy violations led to the circumstance that protection of privacy was often not considered a priority. To counter this habit and to harmonize data protection laws throughout the European Union, the EU-Commission has adopted the General Data Protection Regulation (GDPR), clarifying data subject rights and ensuring an appropriate level of privacy protection. Through high penalties for non-compliance (i.e. up to 2% - 4% of the annual worldwide turnover), GDPR was able to put high pressure on organizations to comply with the requirements. However, studies have shown that organizations are often overwhelmed by the actual requirements. In this paper, we therefore aim to support organizations in understanding this complex topic by providing an ontology-based data protection knowledge base, which highlights the interdependency of GDPR and information security.