This work addresses the current lack of systematic and verifiable approaches for demonstrating organizational compliance with data protection principles. It introduces, for the first time, a formal argumentation methodology into this domain, proposing a structured approach grounded in a compliance argumentation framework that integrates legal and technical requirements to construct an auditable chain of compliance evidence. The proposed method enables organizations to generate transparent and verifiable compliance arguments, thereby significantly enhancing the consistency, efficiency, and trustworthiness of assessments conducted by regulators, certifiers, and data subjects. By establishing a reusable argumentation paradigm, this study advances practical data protection compliance through rigorous, evidence-based reasoning.

We show how conformance arguments can be used by organisations to substantiate claims of conformance to data protection principles. Use of conformance arguments can improve the rigour and consistency with which these organisations, supervisory authorities, certification bodies and data subjects can assess the truth of these claims.