Modelling legal knowledge for GDPR compliance checking

In the last fifteen years, Semantic Web technologies have been successfully applied to the legal domain. By composing all those techniques and theoretical methods, we propose an integrated framework for modelling legal documents and legal knowledge to support legal reasoning, in particular checking compliance. This paper presents a proof-of-concept applied to the GDPR domain, with the aim to detect infringements of privacy compulsory norms or to prevent possible violations using BPMN and Regorous engine

Effective corporate data quality management: systematic literature review

As the entire world is in the transition becoming more and more data-driven, the quality of the data has become a major issue for individuals, organizations, governments and societies. The vast amount of data created every day has created various business opportunities, but the opportunity to use the data still varies due to the quality problems of the data. The next crucial issue in creating a more intelligent society is to standardize and develop effective corporate data quality management. This thesis reviews previous studies on data quality management in order to study how an organization should manage its data quality. The focus is in business organizations, but the material reviewed consists of case studies from various organizations (e.g. military, government) indicating a society-wide issue. This research conducts a systematic literature review on the existing material on data quality and data quality management. The goal of the systematic literature review is to review the material so that the review can be repeated according to an existing criteria. Originating from natural sciences, the systematic literature review is meant to reduce the personal bias of the researchers and increase the thoroughness and critical assessment. Another method used in the study is snowball linking method. This study reviews the existing literature about managing strategic data assets. The focus points of the research are the definition and assessment of the organizational data quality, current issues in the data quality management, and data quality management. The results of the literature review are further discussed. The focus points of the discussion are the results, the possible limitations of the research and further study points.Koko maailman muuttuessa yhä enemmän datan ohjaamaksi datan laatu on noussut merkittäväksi asiaksi henkilöille, organisaatioille, hallinnoille ja yhteiskunnille. Joka päivä luotu valtava datan määrä on luonut erilisia liikemahdollisuuksia, mutta data laadun ongelmat vaikuttavat suuresti mahdollisuuksiin käyttää dataa. Seuraava merkittävä asia älykkäämmän yhteiskunnan luomisessa on standardisoida ja kehittää tehokasta yrityksen datan laadunhallintaa. Tämä Pro gradu-tutkielma tarkastelee aikaisemmin kirjoitettuja datan laadunhallinnan tutkimuksia selvittääkseen miten organisaation tulisi hallinnoida datan laatua. Tutkielma keskittyy yrityksiin, mutta tutkittu materiaali koostuu tutkimuksista, joita on tehty mitä erilaisimmille organisaatioille, kuten esimerkiksi asevoimat ja hallitukset. Tämä osoittaa että kyseessä on koko yhteiskuntaa koskettava ongelma. Tässä tutkielmassa toteutetaan systemaattinen kirjallisuuskatsaus olemassa olevalle tutkimusmateriaalille datan laadusta ja sen hallinnasta. Systemaattisen kirjallisuuskatsauksen tarkoitus on tarkastella tutkimusmateriaalia niin että kirjallisuuskatsaus voidaan toisintaa määritettyjen kriteerien puitteessa. Systemaattinen kirjallisuuskatsaus tulee alun perin luonnontieteellisestä tutkimuksesta ja sen tarkoitus on vähentää tutkijoiden henkilökohtaisia ennakkoasenteita ja lisätä tutkimusmateriaalin kattavuutta ja kriittistä arviota. Toinen käytetty tutkimusmenetelmä on lumipallometodi. Tämä tutkielma tarkastelee olemassa olevaa kirjallisuutta strategisen datan hallinnasta. Tutkimus keskittyy datan laadun määrittämiseen ja arviointiin, nykyisiin ongelmiin datan laadunhallinnassa ja malliin datan laadunhallintaan. Kirjallisuuskatsauksen tuloksista keskustellaan pidemmälle. Tutkielma keskittyy keskustelemaan tuloksista, tutkimuksen mahdollisista rajoitteista ja mahdollisista tulevaisuuden tutkimuskohteista

A Practical Data-Flow Verification Scheme for Business Processes

Data in business processes is becoming more and more important. Current standards for process-modeling languages like BPMN 2.0 which include the data flow reflect this. Ensuring the correctness of the data flow in processes is challenging. Model checking, i. e., verifying properties of process models, is a well-known technique to this end. An important part of model checking is the construction of the state space of the model. State-space explosion however typically is in the way of an effective verification. We study how to overcome this problem in our context by means of reduction. More specifically, we propose a reduction on the level of the process model. To our knowledge, this is new for the data-flow analysis of processes. To accomplish this, we specify regions relevant for the verification of properties describing the data flow. Our evaluation shows that our approach works well on real process models

Automating the Semantic Mapping between Regulatory Guidelines and Organizational Processes

The mapping of regulatory guidelines with organizational processes is an important aspect of a regulatory compliance management system. Automating this mapping process can greatly improve the overall compliance process. Currently, there is research on mapping between different entities such as ontology mapping, sentence similarity, semantic similarity and regulation-requirement mapping. However, there has not been adequate research on the automation of the mapping process between regulatory guidelines and organizational processes. In this paper, we explain how Natural Language Processing and Semantic Web technologies can be applied in this area. In particular, we explain how we can take advantage of the structures of regulation-ontology and the process-ontology in order to compute the similarity between a regulatory guideline and a process. Our methodology is validated using a case study in the Pharmaceutical industry, which has shown promising results

Using patterns for the analysis and resolution of compliance violations

Today's enterprises demand a high degree of compliance of business processes to meet laws and regulations, such as Sarbanes-Oxley and Basel II. Compliance should be enforced during all phases of business process lifecycle, from the phases of analysis and design to deployment, monitoring and evaluation. In this paper, a taxonomy of compliance constraints for business processes is introduced based on the notion of compliance patterns. Patterns facilitate the formal specification of compliance constraints that enable their verification and analysis against business process models. This taxonomy serves as the backbone of the root-cause analysis, which is conducted to reason about and eventually to resolve design-time compliance violations, by providing appropriate guidelines as remedies to alleviate design-time compliance deviations. We have developed and integrated a set of tools to observe and evaluate the applicability of our approach, and experiment with it in case studies

Using patterns for the analysis and resolution of compliance violations

Today's enterprises demand a high degree of compliance of business processes to meet laws and regulations, such as Sarbanes-Oxley and Basel II. Compliance should be enforced during all phases of business process lifecycle, from the phases of analysis and design to deployment, monitoring and evaluation. In this paper, a taxonomy of compliance constraints for business processes is introduced based on the notion of compliance patterns. Patterns facilitate the formal specification of compliance constraints that enable their verification and analysis against business process models. This taxonomy serves as the backbone of the root-cause analysis, which is conducted to reason about and eventually to resolve design-time compliance violations, by providing appropriate guidelines as remedies to alleviate design-time compliance deviations. We have developed and integrated a set of tools to observe and evaluate the applicability of our approach, and experiment with it in case studies. © 2012 World Scientific Publishing Company