This paper shows how knowledge representation and reasoning techniques can be
used to support organizations in complying with the GDPR, that is, the new
European data protection regulation. This work is carried out in a European
H2020 project called SPECIAL. Data usage policies, the consent of data
subjects, and selected fragments of the GDPR are encoded in a fragment of OWL2
called PL (policy language); compliance checking and policy validation are
reduced to subsumption checking and concept consistency checking. This work
proposes a satisfactory tradeoff between the expressiveness requirements on PL
posed by the GDPR, and the scalability requirements that arise from the use
cases provided by SPECIAL's industrial partners. Real-time compliance checking
is achieved by means of a specialized reasoner, called PLR, that leverages
knowledge compilation and structural subsumption techniques. The performance of
a prototype implementation of PLR is analyzed through systematic experiments,
and compared with the performance of other important reasoners. Moreover, we
show how PL and PLR can be extended to support richer ontologies, by means of
import-by-query techniques. PL and its integration with OWL2's profiles
constitute new tractable fragments of OWL2. We prove also some negative
results, concerning the intractability of unrestricted reasoning in PL, and the
limitations posed on ontology import