Data Privacy Vocabulary (DPV)

version 2.0

Final Community Group Report

This version:
https://www.w3.org/community/reports/dpvcg/CG-FINAL-dpv-20240801/
Latest published version:
https://w3id.org/dpv/
Latest editor's draft:
https://dev.dpvcg.org/dpv
Editor:
Harshvardhan J. Pandit (ADAPT Centre, Dublin City University)
Authors:
Beatriz Esteves (IDLab, IMEC, Ghent University)
Delaram Golpayegani (ADAPT Centre, Trinity College Dublin)
Georg P. Krog (Signatu AS)
Harshvardhan J. Pandit (ADAPT Centre, Dublin City University)
Julian Flake (University of Koblenz)
Paul Ryan (Uniphar PLC)
Feedback:
GitHub w3c/dpv (pull requests, new issue, open issues)
This Release
https://w3id.org/dpv/2.0
Previous Release
https://w3id.org/dpv/1.0
Key Publications
Data Privacy Vocabulary (DPV) -- Version 2 (2024)
Creating a Vocabulary for Data Privacy (2019)

Abstract

The Data Privacy Vocabulary [DPV] enables expressing machine-readable metadata about the use and processing of personal data based on legislative requirements such as the General Data Protection Regulation [GDPR]. This document describes the DPV specification along with its data model. The canonical URL for DPV is https://w3id.org/dpv which contains (this) specification. The namespace for DPV terms is https://w3id.org/dpv#, the suggested prefix is dpv, and this document along with source and releases are available at https://github.com/w3c/dpv.

Status of This Document

This specification was published by the Data Privacy Vocabularies and Controls Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Final Specification Agreement (FSA) other conditions apply. Learn more about W3C Community and Business Groups.

Contributing: The DPVCG welcomes participation to improve the DPV and associated resources, including expansion or refinement of concepts, requesting information and applications, and addressing open issues. See contributing guide for further information.

GitHub Issues are preferred for discussion of this specification.

Data Privacy Vocabulary (DPV) Specification: is the base/core specification for the 'Data Privacy Vocabulary', which is extended for Personal Data [PD], Locations [LOC], Risk Management [RISK], Technology [TECH], and [AI]. Specific [LEGAL] extensions are also provided which model jurisdiction specific regulations and concepts - see the complete list of extensions. To support understanding and applications of [DPV], various guides and resources [GUIDES] are provided, including a [PRIMER]. A Search Index of all concepts from DPV and extensions is available.

[DPV] and related resources are published on GitHub. For a general overview of the Data Protection Vocabularies and Controls Community Group [DPVCG], its history, deliverables, and activities - refer to DPVCG Website. For meetings, see the DPVCG calendar.

The peer-reviewed article “Creating A Vocabulary for Data Privacy” presents a historical overview of the DPVCG, and describes the methodology and structure of the DPV along with describing its creation. An open-access version can be accessed here, here, and here. The article Data Privacy Vocabulary (DPV) - Version 2, accepted for presentation at the 23rd International Semantic Web Conference (ISWC 2024), describes the changes made in DPV v2.

2. Introduction

The motivation of DPV is to provide a 'data model' or an 'ontology' of concepts for interoperable representation and exchange of information about processing of (personal) data and the use of technologies. For this, the DPV specification defines concepts and relationships using the [RDF] standard, and which can additionally be implemented and applied using technologies appropriate to a use-case's specific requirements.

The DPV specification contains several distinct groups of concepts, some of which are provided with a taxonomy of concepts to support practical use-cases. In addition to these, 'extensions' to the DPV are also provided which further extend one or more DPV concepts or enable separation of concepts - such as for distinguishing between different jurisdictions and laws. The figure below shows an overview of the DPV concepts along with its extensions.

Figure 1 Overview of DPV v2 showing core concepts and relationships with their further expansion as taxonomies and extensions

2.1 Semantics

This document assumes the reader is familiar with DPV through the Primer for Data Privacy Vocabulary, and thus focuses on providing a topically structured documentation of concepts defined by DPV.

DPV's terms are defined using [RDFS] & [SKOS] semantics where all 'classes' and 'properties' are defined as skos:Concept in addition to rdfs:Class and rdf:Property respectively. For taxonomies or hierarchies, concepts are defined as 'instances' of a top-concept, and relationships within the hierarchy are defined using skos:broader/skos:narrower. For example, Purpose is the top concept within the purposes taxonomy, and all concepts in the purpose taxonomy are instances of it, and are related to each other using skos:broader/narrower relations, such as ServiceProvision and its more specific form RequestedServiceProvision are both instances of Purpose while being related to each other using skos:broader/narrower.

DPV serialised in OWL2 is an alternate serialisation of DPV that contains the same concepts but is provided under a different namespace with the semantics defined using [OWL]. The conversion from SKOS to OWL follows the best practices and concerns outlined in Using OWL and SKOS, e.g. by replacing skos:Concept with owl:Class, and using rdfs:subClassOf instead of skos:broader/skos:narrower. See the example showing implications of using SKOS vs OWL in the [PRIMER].

DPV consists of certain 'core concepts' that are intended to be independent representations of specific information, and are distinct from other core concepts. For example, the Purpose refers only to the purpose of why personal data is processed and is independent as a concept from the other concepts (e.g. PersonalData or LegalBasis). The structuring of DPV is based on providing rich and comprehensive taxonomies that group concepts together based on each core concept, e.g. taxonomy of purposes, taxonomy of legal basis. 'Extensions' are a separate group of concepts that expand the 'core' vocabulary to represent specific information e.g. [PD] for personal data categories and [RISK] for risk management.

2.2 Scope Change in v2

In DPV v1, the scope of the DPV and the DPVCG was limited to 'privacy', 'data protection', and the 'processing of personal data', including technologies used to perform it. Under this scope, the DPVCG discussed and modelled regulations such as the [EU-GDPR] which also share the same scope. Newer laws such as the [EU-DGA] and [EU-AIAct] share a significant overlap with this scope and necessitate their inclusion in DPVCG's activities. However, such laws utilise the same legal framework to model both personal and non-personal data (for DGA) or regulate a technology that goes beyond 'personal data' (DGA and AI Act). To enable their inclusion and representation as extensions to the DPV, and to enable adopters to utilise a single consistent framework to represent information, the scope of DPVCG and the DPV has been expanded as follows:

  1. Expansion of scope to include 'data' and 'technologies' instead of only 'personal data' - this means concepts such as Purpose which were defined as purpose associated with 'personal data' are now defined as purpose associated with 'data or technologies'.
  2. Creation of concepts to represent expanded scope - such as Data as the broader concept for both PersonalData and NonPersonalData.
  3. Changing the scope of associated extensions such as [TECH] and [RISK] to be useful for any technology and activities and not just personal data related technologies and activities.
  4. Creating [AI] as a new extension to specifically provide concepts associated with AI technologies.
  5. Creating extensions to represent concepts from laws regarding 'data and technologies' based on the new concepts and extensions created e.g. [EU-DGA] and [EU-AIAct] extensions.
  6. Creating new namespaces such as /legal/eu/gdpr instead of /dpv-gdpr to enable consisting and unambigious representation of legal extensions
  7. Restructuring the GitHub repository to accommodate the changed structure of DPV extensions

In addition to the above, the v2 scope change also includes removal of the bespoke 'DPV serialisation' which was based on a custom extension of [SKOS]. Instead, the RDFS+SKOS serialisation has been made the default serialisation, and the alternate OWL2 serialisation is continued as before.

Note: Focus of DPVCG on privacy and data protection
Note: DPV v2 is backwards-compatible with DPV v1

2.3 Core Concepts

DPV core vocabulary
Figure 2 Overview of concepts in DPV - those in red have been added in v2, those in blue have had their scope expanded to include data and technologies

The 'Core' concepts and relationships in DPV represent and associate relevant information regarding the what, how, where, who, why of personal data and its processing. These are:

Concept Relation
Data and PersonalData hasData and hasPersonalData
Purpose hasPurpose
Processing hasProcessing
Entity hasEntity
DataController hasDataController
DataProcessor hasDataProcessor
DataSubject hasDataSubject
Recipient hasRecipient
TechnicalMeasure hasTechnicalMeasure
OrganisationalMeasure hasOrganisationalMeasure
LegalBasis hasLegalBasis
Right hasRight
Risk hasRisk
Context hasContext
Technology isImplementedUsingTechnology

2.4 Taxonomies

The rest of the document expands on the core concepts through the following taxonomies.

In addition to these the Extensions section describes the available extensions which also provide additional taxonomies for specific concepts within the DPV.

3. Process

Figure 3 Example of Process being associated with other DPV concepts

To 'group' the core concepts together within a specific use-case, the concept Process and relation hasProcess are useful (the concept PersonalDataHandling was used in earlier versions for the same). For example, a 'process' about a specific application can represent the associated purposes, personal data, legal basis, etc. using the relations and provided taxonomies. Involvement or association of a process is indicated with the relation hasProcess.

Note: PersonalDataHandling in v1 is replaced with Process in v2

The following processes categories are provided to indicate e.g. the process is or is not expected to involve personal data:

3.1 Nested Processes

Instances of Process can be nested, which means one instance can contain other instances, much like a box with several smaller boxes inside. This permits breaking down complex or dense use-cases into more granular ones and representing them in a more precise and modular fashion. Such a representation also facilitates reuse of the granular or modular processes, or in defining 'templates' and 'patterns', for example to craft a single process representing collecting and storing email addresses and using it in different processes for different purposes.

From the earlier example, consider the situation where a single Process instance consists of two additional instances representing: (i) data is stored using a data processor, (ii) data is used for Marketing. While it is certainly possible to represent all of this information within one single instance of Process, the adopter may decide to create separate instances of Process based on requirements such as reflecting similar separations for legal documentation or accountability purposes.

3.2 Services

The concept Service is a general concept that represents the legal and social notion of 'service', similar to provided 'product' or 'application' or 'process', and does not represent the technical notion of services such as those associated with operating systems or 'cloud services'. Service is useful to indicate a logical grouping of processes into a single 'unit' which has legal relevance - such as a contract covering the service or the provision of a service.

Note: Service does not refer to technical service concepts

To indicate the entities involved in services, the concepts ServiceProvider and ServiceConsumer are defined along with the relations hasServiceProvider and hasServiceConsumer. Entities acting as providers and consumers can also be controllers or processors or data subjects. For example, a controller or processor may be the service provider for another controller who is the service consumer. Similarly, a processor may be the service provider for data subjects under the instructions of a data controller.

4. Entities

Figure 4 Overview of Entities defined in DPV. The use of "..." represents further concepts are available but not depicted within the diagram - click here to open diagram in a new window
Note

Please refer to entities page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the entities concepts.

DPV relies on existing well-founded interpretations for its concepts, which in this case relate to Entity as a generic universal concept and LegalEntity specifically referring to roles defined legally or within legal norms. Expanding on these, DPV provides a taxonomy of entities based on their application within laws and use-cases in the form of Legal roles, such as DataController, DataSubject, and Authority. Later, these concepts are expanded into taxonomies for different kinds of entities categorised under a common concept. For example, categories of Data Subjects such as Adult, User, or Employee; or kinds of Authorities, or categories of Organisations.

Legal Role is the role taken on by a legal entity based on definitions or criterias from laws, regulations, or other such normative sources. Legal roles assist in representing the role and responsibility of an entity within the context of processing, and from this to determine the requirements and obligations that should apply, and their compliance or conformance.

  • dpv:DataController: The individual or organisation that decides (or controls) the purpose(s) of processing personal data. go to full definition
    • dpv:JointDataControllers: A group of Data Controllers that jointly determine the purposes and means of processing go to full definition
  • dpv:DataExporter: An entity that 'exports' data where exporting is considered a form of data transfer go to full definition
  • dpv:Recipient: Entities that receive data or technologies go to full definition
    • dpv:DataImporter: An entity that 'imports' data where importing is considered a form of data transfer go to full definition
    • dpv:DataProcessor: A ‘processor’ means a natural or legal person, public authority, agency or other body which processes data on behalf of the controller. go to full definition
      • dpv:DataSubProcessor: A 'sub-processor' is a processor engaged by another processor go to full definition
    • dpv:ThirdParty: A ‘third party’ means any natural or legal person other than - the entities directly involved or operating under those directly involved in a process go to full definition
  • dpv:ServiceConsumer: The entity that consumes or receives the service go to full definition
  • dpv:ServiceProvider: The entity that provides a service go to full definition

4.2 Authorities

The concept Authority is a specific Governmental Organisation authorised to enforce a law or regulation. Authorities can be associated with a specific domain, topic, or jurisdiction. DPV currently defines regional authorities for NationalAuthority, RegionalAuthority, and SupraNationalAuthority, and DataProtectionAuthority represents authorities associated with data protection and privacy. To associate authorities with concepts, the relations hasAuthority and isAuthorityFor are provided.

  • dpv:DataProtectionAuthority: An authority tasked with overseeing legal compliance regarding privacy and data protection laws. go to full definition
  • dpv:NationalAuthority: An authority tasked with overseeing legal compliance for a nation go to full definition
  • dpv:RegionalAuthority: An authority tasked with overseeing legal compliance for a region go to full definition
  • dpv:SupraNationalAuthority: An authority tasked with overseeing legal compliance for a supra-national union e.g. EU go to full definition

4.3 Organisation

DPV provides a taxonomy of organisations based on aspects such as whether they are non-profit, international, or governmental. These concepts are useful to accurately represent the nature of organisations.

  • dpv:AcademicScientificOrganisation: Organisations related to academia or scientific pursuits e.g. Universities, Schools, Research Bodies go to full definition
  • dpv:ForProfitOrganisation: An organisation that aims to achieve profit as its primary goal go to full definition
  • dpv:GovernmentalOrganisation: An organisation managed or part of government go to full definition
  • dpv:IndustryConsortium: A consortium established and comprising on industry organisations go to full definition
  • dpv:InternationalOrganisation: An organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries go to full definition
  • dpv:NonGovernmentalOrganisation: An organisation not part of or independent from the government go to full definition
  • dpv:NonProfitOrganisation: An organisation that does not aim to achieve profit as its primary goal go to full definition

4.4 Data Subjects

DPV provides a taxonomy of data subject types to assist with describing what kind of individuals or groups are associated with an use-case. Some examples of such types are agency-based roles: Adult and Child, ParentOfDataSubject, GuardianOfDataSubject; those associated with vulnerability: VulnerableDataSubject, ElderlyDataSubject, AsylumSeeker; domain-specific roles such as Patient, Employee, Student, jurisdictional roles such as Citizen, NonCitizen, Immigrant; and general roles such as User, Member, Participant, and Client.

Note: Data Subject is specific to personal data processing

5. Purposes

Figure 5 Overview of Purpose taxonomy in DPV - click here to open diagram in a new window
Note

Please refer to purposes page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the purposes concepts.

DPV’s taxonomy of purposes is used to represent the goal or reason associated with processing of personal data and use of technologies. For this, purposes are organised within DPV based on several factors such as: management functions related to information (e.g. records, account, finance), fulfilment of objectives (e.g. delivery of goods), providing goods and services (e.g. service provision), intended benefits (e.g. optimisations for service provider or consumer), and legal compliance.

DPV provides a taxonomy of Purpose instances for use with hasPurpose relation. In addition, DPV also defines the concept Sector (associated using hasSector) to indicate a contextual interpretation of the purpose within a specified sector.

6. Data & Personal Data

Figure 6 Data and Persoanl Data concepts defined in DPV - click here to open diagram in a new window
Note

Please refer to personal data page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the personal data concepts.

DPV provides the concept Data and relation hasData to indicate involvement or association of any data. The concept PersonalData and the relation hasPersonalData are provided to indicate what categories or instances of personal data are being processed. The DPV specification only provides a structure for describing personal data, e.g. as being sensitive. For specific categories of personal data for use-cases, Personal Data categories for DPV provides additional concepts that extend the DPV's personal data taxonomy. This separation is to enable adopters to decide whether the extension's concepts are useful to them, or to use other external vocabularies, or define their own.

In addition to Personal Data, there may be a need to represent Non-Personal Data within the same contextual use-cases. For this, DPV provides the concepts NonPersonalData and SyntheticData.

To indicate data categorised based on DataSource, e.g. as "collected personal data", DPV provides: CollectedPersonalData, DerivedPersonalData, InferredPersonalData, GeneratedPersonalData, and ObservedPersonalData.

For indicating personal data which is sensitive, the concept SensitivePersonalData is provided. For indicating special categories of data, the concept SpecialCategoryPersonalData is provided. In this, the concept sensitive indicates that the data needs additional considerations (and perhaps caution) when processing, such as by increasing its security, reducing usage, or performing impact assessments. Special categories, by contrast, are a 'special' type of sensitive personal data requiring additional considerations or obligations defined in laws (or through other forms) that regulate how they should be used or prohibit their use until specific obligations are met.

To specify data is anonymised, DPV provides two concepts. AnonymisedData for when data is completely anonymised and cannot be de-anonymised, which is a subtype of NonPersonalData. And, PseudonymisedData for when data has only been partially anonymised or de-anonymisation is possible, which is a subtype of PersonalData.

DPV defines the following concepts for expressing information about data:

7. Processing Operations

Figure 7 Processing concepts defined in DPV - click here to open diagram in a new window
Note

Please refer to processing page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the processing concepts.

DPV’s taxonomy of processing concepts reflects the variety of terms used to denote processing activities or operations involving personal data, such as those from [GDPR] Article.4-2 definition of processing. Real-world use of terms associated with processing rarely uses this same wording or terms, except in cases of specific domains and in legal documentation. On the other hand, common terms associated with processing are generally restricted to: collect, use, store, share, and delete.

DPV provides a taxonomy that aligns both the legal terminologies such as those defined by GDPR with those commonly used. For this, concepts are organised based on whether they subsume other concepts, e.g. Use is a broad concept indicating data is used, which DPV extends to define specific processing concepts for Analyse, Consult, Profiling, and Retrieving. Through this mechanism, whenever an use-case indicates it consults some data, it can be inferred that it also uses that data.

For concepts related to expressing contextual information associated with processing, such as storage conditions, automation, scale, see Processing Context section.

8. Processing Context

Figure 8
Note

Please refer to processing context page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the processing context concepts.

8.1 Processing & Storage Conditions

To describe conditions associated with processing, such as its duration, or specific locations, the concept ProcessingCondition provided and extended as ProcessingDuration and ProcessingLocation along with the relation hasProcessingCondition. Storage, which is a specific form of processing, has additional dedicated concepts as StorageCondition as it is a commonly used concept. The concepts are useful to describe processing and storage conditions in policies, conditions, rules, or documentation - which are important tools for implementing and determining data protection and privacy considerations as well as legal compliance.

The concept StorageCondition and the relation hasStorageCondition represent the general or abstract conditions associated with storage of data. This is specialised to indicate StorageDuration, StorageDeletion, StorageRestoration, and StorageLocation.

  • dpv:ProcessingDuration: Conditions regarding duration or temporal limitation for processing go to full definition
  • dpv:ProcessingLocation: Conditions regarding location or geospatial scope where processing takes places go to full definition
  • dpv:StorageCondition: Conditions required or followed regarding storage of data go to full definition
    • dpv:StorageDeletion: Deletion or Erasure of data including any deletion guarantees go to full definition
    • dpv:StorageDuration: Duration or temporal limitation on storage of data go to full definition
    • dpv:StorageLocation: Location or geospatial scope where the data is stored go to full definition
    • dpv:StorageRestoration: Regularity and temporal span of data restoration/backup mechanisms that guarantee that data is preserved go to full definition

8.2 Automation

To indicate processing involves automation, the concept AutomationLevel and relation hasAutomationLevel are provided to specify the extent to which automation is implemented or applies. These levels are defined based on ISO/IEC 22989:2022 Artificial intelligence concepts and terminology.

  • dpv:AssistiveAutomation: Level of automation corresponding to Level 1 in ISO/IEC 22989:2022 where automation is limited to parts of the system or a specific part of the system in a manner that does not change the control of the human in using/driving the system go to full definition
  • dpv:Autonomous: Level of automation corresponding to Level 6 in ISO/IEC 22989:2022 where the automation in system is capable of modifying its operation domain or its goals without external intervention, control or oversight go to full definition
  • dpv:ConditionalAutomation: Level of automation corresponding to Level 3 in ISO/IEC 22989:2022 where the automation is sufficient to perform most tasks of the system with the human present to take over where necessary go to full definition
  • dpv:FullAutomation: Level of automation corresponding to Level 5 in ISO/IEC 22989:2022 where the automation in system is capable of performing all its tasks regardless of the conditions without human involvement go to full definition
  • dpv:HighAutomation: Level of automation corresponding to Level 4 in ISO/IEC 22989:2022 where the automation in system is capable of performing all its tasks within specific controlled conditions without human involvement go to full definition
  • dpv:NotAutomated: Level of automation corresponding to Level 0 in ISO/IEC 22989:2022 where there is no automation in the system go to full definition
  • dpv:PartialAutomation: Level of automation corresponding to Level 2 in ISO/IEC 22989:2022 where the automation is present in multiple parts of the system or in a manner that does not require the human to control/use these parts while still retaining control over the system go to full definition

8.3 Entity/Human Involvement

To specify how entities are involved in processing and technologies, including humans, the concept EntityInvolvement is provided along with the relation hasEntityInvolvement. Involvement of entities is categorised as 'permissive' for entities being able to perform an activity, and 'non-permissive' for when entities cannot perform an activity. A taxonomy of concepts is provided for permissive and non-permissive involvements to describe scenarios such as entity being able to opt-in or not being able to opt-out, or being able to reverse the output of a process. Involvement is also categorised as 'passive' and 'active' based on whether the entity passively or actively interacts with a 'process' or 'technology'.

To specifically indicate how humans are involved, the concept HumanInvolvement is provided. The existing terms used such as 'human in/on/out-of the loop' are not used directly as they have conflicting and ambiguous definitions and uses across different documents. Instead, the DPV concepts provide an explicit and unambiguous indication of human involvement - such as whether they are involved to provide inputs, make decisions, have oversight, or verify processes.

  • dpv:EntityActiveInvolvement: Involvement where entity is 'actively' involved go to full definition
  • dpv:EntityNonInvolvement: Indicating entity is not involved go to full definition
  • dpv:EntityNonPermissiveInvolvement: Involvement of an entity in specific context where it is not permitted or able to do something go to full definition
    • dpv:CannotChallengeProcess: Involvement where entity cannot challenge the process of specified context go to full definition
    • dpv:CannotChallengeProcessInput: Involvement where entity cannot challenge input of specified context go to full definition
    • dpv:CannotChallengeProcessOutput: Involvement where entity cannot challenge the output of specified context go to full definition
    • dpv:CannotCorrectProcess: Involvement where entity cannot correct the process of specified context go to full definition
    • dpv:CannotCorrectProcessInput: Involvement where entity cannot correct input of specified context go to full definition
    • dpv:CannotCorrectProcessOutput: Involvement where entity cannot correct the output of specified context go to full definition
    • dpv:CannotObjectToProcess: Involvement where entity cannot object to process of specified context go to full definition
    • dpv:CannotOptInToProcess: Involvement where entity cannot opt-in to specified context go to full definition
    • dpv:CannotOptOutFromProcess: Involvement where entity cannot opt-out from specified context go to full definition
    • dpv:CannotReverseProcessEffects: Involvement where entity cannot reverse effects of specified context go to full definition
    • dpv:CannotReverseProcessInput: Involvement where entity cannot reverse input of specified context go to full definition
    • dpv:CannotReverseProcessOutput: Involvement where entity cannot reverse output of specified context go to full definition
    • dpv:CannotWithdrawFromProcess: Involvement where entity cannot withdraw a previously given assent from specified context go to full definition
  • dpv:EntityPassiveInvolvement: Involvement where entity is 'passively' or 'not actively' involved go to full definition
  • dpv:EntityPermissiveInvolvement: Involvement of an entity in specific context where it is permitted or able to do something go to full definition
    • dpv:ChallengingProcess: Involvement where entity can challenge the process of specified context go to full definition
    • dpv:ChallengingProcessInput: Involvement where entity can challenge input of specified context go to full definition
    • dpv:ChallengingProcessOutput: Involvement where entity can challenge the output of specified context go to full definition
    • dpv:CorrectingProcess: Involvement where entity can correct the process of specified context go to full definition
    • dpv:CorrectingProcessInput: Involvement where entity can correct input of specified context go to full definition
    • dpv:CorrectingProcessOutput: Involvement where entity can correct the output of specified context go to full definition
    • dpv:ObjectingToProcess: Involvement where entity can object to process of specified context go to full definition
    • dpv:OptingInToProcess: Involvement where entity can opt-in to specified context go to full definition
    • dpv:OptingOutFromProcess: Involvement where entity can opt-out from specified context go to full definition
    • dpv:ReversingProcessEffects: Involvement where entity can reverse effects of specified context go to full definition
    • dpv:ReversingProcessInput: Involvement where entity can reverse input of specified context go to full definition
    • dpv:ReversingProcessOutput: Involvement where entity can reverse output of specified context go to full definition
    • dpv:WithdrawingFromProcess: Involvement where entity can withdraw a previously given assent from specified context go to full definition
  • dpv:HumanInvolvement: The involvement of humans in specified context go to full definition
    • dpv:HumanInvolved: Humans are involved in the specified context go to full definition
    • dpv:HumanInvolvementForControl: Human involvement for the purposes of exercising control over the specified operations in context go to full definition
    • dpv:HumanInvolvementForDecision: Human involvement for the purposes of exercising decisions over the specified operations in context go to full definition
    • dpv:HumanInvolvementForInput: Human involvement for the purposes of providing inputs to the specified context go to full definition
    • dpv:HumanInvolvementForIntervention: Human involvement for the purposes of exercising interventions over the specified operations in context go to full definition
    • dpv:HumanInvolvementForOversight: Human involvement for the purposes of having oversight over the specified context regarding its operations, inputs, or outputs go to full definition
    • dpv:HumanInvolvementForVerification: Human involvement for the purposes of verification of specified context to ensure its operations, inputs, or outputs are correct or are acceptable. go to full definition
    • dpv:HumanNotInvolved: Humans are not involved in the specified context go to full definition

8.4 Data Source

The concept DataSource and relation hasDataSource indicate the source of data. Here, it is important to note that 'source' is distinct from 'origin', where source is where the data came from and origin refers to where the data originated from. Data originated from a data subject can be collected and shared one entity to another, where each entity has as its source the previous entity it obtained the data from.

  • dpv:DataControllerDataSource: Data Sourced from Data Controller(s), e.g. a Controller inferring data or generating data go to full definition
  • dpv:DataSubjectDataSource: Data Sourced from Data Subject(s), e.g. when data is collected via a form or observed from their activities go to full definition
  • dpv:NonPublicDataSource: A source of data that is not publicly accessible or available go to full definition
  • dpv:PublicDataSource: A source of data that is publicly accessible or available go to full definition
  • dpv:ThirdPartyDataSource: Data Sourced from a Third Party, e.g. when data is collected from an entity that is neither the Controller nor the Data Subject go to full definition

8.5 Monitoring, Scoring, Decision Making

To indicate the processing or technology is performing some kind of decision making, the concept DecisionMaking is provided. If the processing or technology is automated, the concept AutomatedDecisionMaking is provided. To describe the logic involved in decision making, the concept AlgorithmicLogic is provided. If the processing or technology is performing some evaluation or scoring (e.g. of individuals), the concept EvaluationScoring is provided. If the processing or technologies are performing 'systematic monitoring' of individuals, the concept SystematicMonitoring is provided.

If the processing involves technologies that are being used 'innovatively', the concept InnovativeUseOfTechnology is provided. Innovative uses can be for existing technologies, described using InnovativeUseOfExistingTechnology or for new technologies which are described using InnovativeUseOfNewTechnologies.

Note: Concepts assisting in determining 'sensitive' and 'high-risk' applications

8.6 Scale of Processing

DPV provides (qualitative) scales for expressing Data Volume, Data subjects, and Geographical Coverage of processing. Along with these, DPV also provides a Processing Scale to express combinations of these. NOTE: The actual meaning or quantified amounts for each concept are not defined due to their interpretation based on contextual factors such as legislations, guidelines, domains, and variations across industries.

  • dpv:DataSubjectScale: Scale of Data Subject(s) go to full definition
    • dpv:HugeScaleOfDataSubjects: Scale of data subjects considered huge or more than large within the context go to full definition
    • dpv:LargeScaleOfDataSubjects: Scale of data subjects considered large within the context go to full definition
    • dpv:MediumScaleOfDataSubjects: Scale of data subjects considered medium i.e. neither large nor small within the context go to full definition
    • dpv:SingularScaleOfDataSubjects: Scale of data subjects considered singular i.e. a specific data subject go to full definition
    • dpv:SmallScaleOfDataSubjects: Scale of data subjects considered small or limited within the context go to full definition
    • dpv:SporadicScaleOfDataSubjects: Scale of data subjects considered sporadic or sparse within the context go to full definition
  • dpv:DataVolume: Volume or Scale of Data go to full definition
    • dpv:HugeDataVolume: Data volume that is considered huge or more than large within the context go to full definition
    • dpv:LargeDataVolume: Data volume that is considered large within the context go to full definition
    • dpv:MediumDataVolume: Data volume that is considered medium i.e. neither large nor small within the context go to full definition
    • dpv:SingularDataVolume: Data volume that is considered singular i.e. a specific instance or single item go to full definition
    • dpv:SmallDataVolume: Data volume that is considered small or limited within the context go to full definition
    • dpv:SporadicDataVolume: Data volume that is considered sporadic or sparse within the context go to full definition
  • dpv:GeographicCoverage: Indicate of scale in terms of geographic coverage go to full definition
  • dpv:ProcessingScale: Scale of Processing go to full definition
    • dpv:LargeScaleProcessing: Processing that takes place at large scales (as specified by some criteria) go to full definition
    • dpv:MediumScaleProcessing: Processing that takes place at medium scales (as specified by some criteria) go to full definition
    • dpv:SmallScaleProcessing: Processing that takes place at small scales (as specified by some criteria) go to full definition

8.7 Technology

Figure 9 Specfiying Technology using DPV with the TECH extension providing additional concepts

The concept Technology represents technologies involved e.g. those for processing of data, or for implementing technical and organisational measures. To indicate something is implemented using some technology, the relation isImplementedUsingTechnology is provided. To indicate which entity is implementing the specified context, the relation isImplementedByEntity is provided. The Technology concepts for DPV extension provides additional concepts to describe the technology such as involved actors, intended use, capabilities and functions, and documentation.

9. General Context

Figure 10 Representing contextual information - click here to open diagram in a new window
Note

Please refer to context page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the context concepts.

9.1 Duration, Frequency, Necessity

These concepts enable expressing information about Duration, Frequency, Applicability, Importance, and Necessity of a Context (which can be any other concept). In addition to these, the concept Justification is useful to provide justifications or reasons or explanations - such as for why something must take place or could not take place.

Each of these concepts has a corresponding relation to express them - hasDuration, hasFrequency, hasApplicability, hasImportance, =hasNecessity=] with hasContext being the super-relation for these. Justifications are associated with using the relation hasJustification.

  • dpv:Applicability: Concept provided to represent indication of cases where the information or context is not applicable (N/A) or not available or this is not known or determined yet. If the information is applicable and available, this concept should not be used. go to full definition
    • dpv:NotApplicable: Concept indicating the information or context is not applicable go to full definition
    • dpv:NotAvailable: Concept indicating the information or context is applicable but information is not yet available go to full definition
    • dpv:UnknownApplicability: Concept indicating information or context availability is unknown i.e. it is not known if the information exists or is applicable and therefore statements about its availability cannot be made (yet) go to full definition
  • dpv:Duration: The duration or temporal limitation go to full definition
    • dpv:EndlessDuration: Duration that is (known or intended to be) open ended or without an end go to full definition
    • dpv:FixedOccurrencesDuration: Duration that takes place a fixed number of times e.g. 3 times go to full definition
    • dpv:IndeterminateDuration: Duration that is indeterminate or cannot be determined go to full definition
    • dpv:TemporalDuration: Duration that has a fixed temporal duration e.g. 6 months go to full definition
    • dpv:UntilEventDuration: Duration that takes place until a specific event occurs e.g. Account Closure go to full definition
    • dpv:UntilTimeDuration: Duration that has a fixed end date e.g. 2022-12-31 go to full definition
  • dpv:Frequency: The frequency or information about periods and repetitions in terms of recurrence. go to full definition
    • dpv:ContinuousFrequency: Frequency where occurrences are continuous go to full definition
    • dpv:OftenFrequency: Frequency where occurrences are often or frequent, but not continuous go to full definition
    • dpv:SingularFrequency: Frequency where occurrences are singular i.e. they take place only once go to full definition
    • dpv:SporadicFrequency: Frequency where occurrences are sporadic or infrequent or sparse go to full definition
  • dpv:Importance: An indication of 'importance' within a context go to full definition
    • dpv:PrimaryImportance: Indication of 'primary' or 'main' or 'core' importance go to full definition
    • dpv:SecondaryImportance: Indication of 'secondary' or 'minor' or 'auxiliary' importance go to full definition
  • dpv:Justification: A form of documentation providing reasons, explanations, or justifications go to full definition
  • dpv:Necessity: An indication of 'necessity' within a context go to full definition
  • dpv:Scope: Indication of the extent or range or boundaries associated with(in) a context go to full definition

9.2 Status

To assist with expressing the state or status associated with various activities, DPV provides the Status concept that can be associated contextually using the hasStatus relation. Specific subtypes are provided as ActivityStatus, ComplianceStatus including Lawfulness, AuditStatus, ConformanceStatus, RequestStatus, EntityInformedStatus, IntentionStatus, ExpectationStatus, InvolvementStatus, and NotificationStatus. The corresponding relations provided are: hasActivityStatus, hasComplianceStatus, hasLawfulness, hasAuditStatus, hasConformanceStatus, hasRequestStatus, hasInformedStatus, hasIntention, hasExpectation, hasInvolvement, and hasNotificationStatus.

  • dpv:ActivityStatus: Status associated with activity operations and lifecycles go to full definition
    • dpv:ActivityCompleted: State of an activity that has completed i.e. is fully in the past go to full definition
    • dpv:ActivityHalted: State of an activity that was occuring in the past, and has been halted or paused or stopped go to full definition
    • dpv:ActivityNotCompleted: State of an activity that could not be completed, but has reached some end state go to full definition
    • dpv:ActivityOngoing: State of an activity occurring in continuation i.e. currently ongoing go to full definition
    • dpv:ActivityPlanned: State of an activity being planned with concrete plans for implementation go to full definition
    • dpv:ActivityProposed: State of an activity being proposed without any concrete plans for implementation go to full definition
  • dpv:AuditStatus: Status associated with Auditing or Investigation go to full definition
  • dpv:ComplianceStatus: Status associated with Compliance with some norms, objectives, or requirements go to full definition
    • dpv:ComplianceIndeterminate: State where the status of compliance has not been fully assessed, evaluated, or determined go to full definition
    • dpv:ComplianceUnknown: State where the status of compliance is unknown go to full definition
    • dpv:ComplianceViolation: State where compliance cannot be achieved due to requirements being violated go to full definition
    • dpv:Compliant: State of being fully compliant go to full definition
    • dpv:Lawfulness: Status associated with expressing lawfulness or legal compliance go to full definition
    • dpv:NonCompliant: State of non-compliance where objectives have not been met, but have not been violated go to full definition
    • dpv:PartiallyCompliant: State of partially being compliant i.e. only some objectives have been met, and others have not been in violation go to full definition
  • dpv:ConformanceStatus: Status associated with conformance to a standard, guideline, code, or recommendation go to full definition
  • dpv:EntityInformedStatus: Status indicating whether an entity is informed or uninformed about specified context go to full definition
    • dpv:EntityInformed: Status indicating entity has been informed about specified context go to full definition
      • dpv:AuthorityInformed: Status indicating Authority has been informed about the specified context go to full definition
      • dpv:ControllerInformed: Status indicating Controller has been informed about the specified context go to full definition
      • dpv:DataSubjectInformed: Status indicating DataSubject has been informed about the specified context go to full definition
      • dpv:RecipientInformed: Status indicating Recipient has been informed about the specified context go to full definition
    • dpv:EntityUninformed: Status indicating entity is uninformed i.e. has been not been informed about specified context go to full definition
      • dpv:AuthorityUninformed: Status indicating Authority is uninformed i.e. has not been informed about the specified context go to full definition
      • dpv:ControllerUninformed: Status indicating Controller is uninformed i.e. has not been informed about the specified context go to full definition
      • dpv:DataSubjectUninformed: Status indicating DataSubject is uninformed i.e. has not been informed about the specified context go to full definition
      • dpv:RecipientUninformed: Status indicating Recipient is uninformed i.e. has not been informed about the specified context go to full definition
  • dpv:IntentionStatus: Status indicating whether the specified context was intended or unintended go to full definition
  • dpv:InvolvementStatus: Status indicating whether the involvement of specified context go to full definition
  • dpv:NotificationStatus: Status indicating whether notification(s) are planned, completed, or failed go to full definition
  • dpv:RequestStatus: Status associated with requests go to full definition

10. Tech/Org Measures

Figure 11 Overview of Technical & Organisational Measures in DPV (click to open in new window)
Note

Please refer to Tech & Org measures page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the Tech & Org measures concepts.

DPV's taxonomy of tech/org measures are structured into four groups representing TechnicalMeasure such as encryption or deidentification which operate at a technical level, OrganisationalMeasure such as policies and training which operate at an organisational level, LegalMeasure which are organisational measures with legal enforcement such as contracts and NDAs, and PhysicalMeasure which are associated with physical aspects such as environmental protection and physical security. Each of these is provided with a taxonomy that expands upon the core idea to provide a rich list of measures that are intended to protect personal data and technologies (and its associated entities and consequences).

To indicate applicability of measures, the relations hasTechnicalMeasure, hasOrganisationalMeasure, hasLegalMeasure, and hasPhysicalMeasure are provided. In addition to these, specific relations are also provided for concepts commonly used or which are important for legal considerations - such as hasNotice and hasPolicy.

10.1 Technical Measures

Figure 12 Overview of Technical Measures taxonomy in DPV (click to open in new window)
  • dpv:AccessControlMethod: Methods which restrict access to a place or resource go to full definition
    • dpv:UsageControl: Management of usage, which is intended to be broader than access control and may cover trust, digital rights, or other relevant controls go to full definition
  • dpv:ActivityMonitoring: Monitoring of activities including assessing whether they have been successfully initiated and completed go to full definition
  • dpv:AuthenticationProtocols: Protocols involving validation of identity i.e. authentication of a person or information go to full definition
    • dpv:BiometricAuthentication: Use of biometric data for authentication go to full definition
    • dpv:CryptographicAuthentication: Use of cryptography for authentication go to full definition
      • dpv:Authentication-ABC: Use of Attribute Based Credentials (ABC) to perform and manage authentication go to full definition
      • dpv:Authentication-PABC: Use of Privacy-enhancing Attribute Based Credentials (ABC) to perform and manage authentication go to full definition
      • dpv:HashMessageAuthenticationCode: Use of HMAC where message authentication code (MAC) utilise a cryptographic hash function and a secret cryptographic key go to full definition
      • dpv:MessageAuthenticationCodes: Use of cryptographic methods to authenticate messages go to full definition
    • dpv:MultiFactorAuthentication: An authentication system that uses two or more methods to authenticate go to full definition
    • dpv:PasswordAuthentication: Use of passwords to perform authentication go to full definition
    • dpv:SingleSignOn: Use of credentials or processes that enable using one set of credentials to authenticate multiple contexts. go to full definition
    • dpv:ZeroKnowledgeAuthentication: Authentication using Zero-Knowledge proofs go to full definition
  • dpv:AuthorisationProtocols: Protocols involving authorisation of roles or profiles to determine permission, rights, or privileges go to full definition
  • dpv:CryptographicMethods: Use of cryptographic methods to perform tasks go to full definition
    • dpv:AsymmetricCryptography: Use of public-key cryptography or asymmetric cryptography involving a public and private pair of keys go to full definition
    • dpv:CryptographicAuthentication: Use of cryptography for authentication go to full definition
      • dpv:Authentication-ABC: Use of Attribute Based Credentials (ABC) to perform and manage authentication go to full definition
      • dpv:Authentication-PABC: Use of Privacy-enhancing Attribute Based Credentials (ABC) to perform and manage authentication go to full definition
      • dpv:HashMessageAuthenticationCode: Use of HMAC where message authentication code (MAC) utilise a cryptographic hash function and a secret cryptographic key go to full definition
      • dpv:MessageAuthenticationCodes: Use of cryptographic methods to authenticate messages go to full definition
    • dpv:CryptographicKeyManagement: Management of cryptographic keys, including their generation, storage, assessment, and safekeeping go to full definition
    • dpv:DifferentialPrivacy: Utilisation of differential privacy where information is shared as patterns or groups to withhold individual elements go to full definition
    • dpv:DigitalSignatures: Expression and authentication of identity through digital information containing cryptographic signatures go to full definition
    • dpv:HashFunctions: Use of hash functions to map information or to retrieve a prior categorisation go to full definition
    • dpv:HomomorphicEncryption: Use of Homomorphic encryption that permits computations on encrypted data without decrypting it go to full definition
    • dpv:PostQuantumCryptography: Use of algorithms that are intended to be secure against cryptanalytic attack by a quantum computer go to full definition
    • dpv:PrivacyPreservingProtocol: Use of protocols designed with the intention of provided additional guarantees regarding privacy go to full definition
    • dpv:PrivateInformationRetrieval: Use of cryptographic methods to retrieve a record from a system without revealing which record is retrieved go to full definition
    • dpv:QuantumCryptography: Cryptographic methods that utilise quantum mechanical properties to perform cryptographic tasks go to full definition
    • dpv:SecretSharingSchemes: Use of secret sharing schemes where the secret can only be reconstructed through combination of sufficient number of individuals go to full definition
    • dpv:SecureMultiPartyComputation: Use of cryptographic methods for entities to jointly compute functions without revealing inputs go to full definition
    • dpv:SymmetricCryptography: Use of cryptography where the same keys are utilised for encryption and decryption of information go to full definition
    • dpv:TrustedComputing: Use of cryptographic methods to restrict access and execution to trusted parties and code go to full definition
    • dpv:TrustedExecutionEnvironment: Use of cryptographic methods to restrict access and execution to trusted parties and code within a dedicated execution environment go to full definition
    • dpv:ZeroKnowledgeAuthentication: Authentication using Zero-Knowledge proofs go to full definition
  • dpv:DataBackupProtocols: Protocols or plans for backing up of data go to full definition
  • dpv:DataSanitisationTechnique: Cleaning or any removal or re-organisation of elements in data based on selective criteria go to full definition
    • dpv:DataRedaction: Removal of sensitive information from a data or document go to full definition
    • dpv:Deidentification: Removal of identity or information to reduce identifiability go to full definition
      • dpv:Anonymisation: Anonymisation is the process by which data is irreversibly altered in such a way that a data subject can no longer be identified directly or indirectly, either by the entity holding the data alone or in collaboration with other entities and information sources go to full definition
      • dpv:Pseudonymisation: Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person; go to full definition
        • dpv:DeterministicPseudonymisation: Pseudonymisation achieved through a deterministic function go to full definition
        • dpv:DocumentRandomisedPseudonymisation: Use of randomised pseudonymisation where the same elements are assigned different values in the same document or database go to full definition
        • dpv:FullyRandomisedPseudonymisation: Use of randomised pseudonymisation where the same elements are assigned different values each time they occur go to full definition
        • dpv:MonotonicCounterPseudonymisation: A simple pseudonymisation method where identifiers are substituted by a number chosen by a monotonic counter go to full definition
        • dpv:RNGPseudonymisation: A pseudonymisation method where identifiers are substituted by a number chosen by a Random Number Generator (RNG) go to full definition
  • dpv:DigitalRightsManagement: Management of access, use, and other operations associated with digital content go to full definition
  • dpv:Encryption: Technical measures consisting of encryption go to full definition
    • dpv:AsymmetricEncryption: Use of asymmetric cryptography to encrypt data go to full definition
    • dpv:EncryptionAtRest: Encryption of data when being stored (persistent encryption) go to full definition
    • dpv:EncryptionInTransfer: Encryption of data in transit e.g. when being transferred from one location to another, including sharing go to full definition
    • dpv:EncryptionInUse: Encryption of data when it is being used go to full definition
    • dpv:EndToEndEncryption: Encrypted communications where data is encrypted by the sender and decrypted by the intended receiver to prevent access to any third party go to full definition
    • dpv:SymmetricEncryption: Use of symmetric cryptography to encrypt data go to full definition
  • dpv:InformationFlowControl: Use of measures to control information flows go to full definition
  • dpv:SecurityMethod: Methods that relate to creating and providing security go to full definition
    • dpv:DistributedSystemSecurity: Security implementations provided using or over a distributed system go to full definition
    • dpv:DocumentSecurity: Security measures enacted over documents to protect against tampering or restrict access go to full definition
    • dpv:FileSystemSecurity: Security implemented over a file system go to full definition
    • dpv:HardwareSecurityProtocols: Security protocols implemented at or within hardware go to full definition
    • dpv:IntrusionDetectionSystem: Use of measures to detect intrusions and other unauthorised attempts to gain access to a system go to full definition
    • dpv:MobilePlatformSecurity: Security implemented over a mobile platform go to full definition
    • dpv:NetworkProxyRouting: Use of network routing using proxy go to full definition
    • dpv:NetworkSecurityProtocols: Security implemented at or over networks protocols go to full definition
    • dpv:OperatingSystemSecurity: Security implemented at or through operating systems go to full definition
    • dpv:PenetrationTestingMethods: Use of penetration testing to identify weaknesses and vulnerabilities through simulations go to full definition
    • dpv:UseSyntheticData: Use of synthetic data to preserve privacy, security, or other effects and side-effects go to full definition
    • dpv:VirtualisationSecurity: Security implemented at or through virtualised environments go to full definition
    • dpv:VulnerabilityTestingMethods: Methods that assess or discover vulnerabilities in a system go to full definition
    • dpv:WebBrowserSecurity: Security implemented at or over web browsers go to full definition
    • dpv:WebSecurityProtocols: Security implemented at or over web-based protocols go to full definition
    • dpv:WirelessSecurityProtocols: Security implemented at or over wireless communication protocols go to full definition

10.2 Organisational Measures

Figure 13 Overview of Organisational Measures taxonomy in DPV (click to open in new window)
  • dpv:Assessment: The document, plan, or process for assessment or determination towards a purpose e.g. assessment of legality or impact assessments go to full definition
    • dpv:ComplianceAssessment: Assessment regarding compliance (e.g. internal policy, regulations) go to full definition
    • dpv:ConformanceAssessment: Assessment regarding conformance with standards or norms or guidelines or similar instruments go to full definition
    • dpv:DataInteroperabilityAssessment: Measures associated with assessment of data interoperability go to full definition
    • dpv:DataQualityAssessment: Measures associated with assessment of data quality go to full definition
    • dpv:EffectivenessDeterminationProcedures: Procedures intended to determine effectiveness of other measures go to full definition
    • dpv:LegitimateInterestAssessment: Indicates an assessment regarding the use of legitimate interest as a lawful basis by the data controller go to full definition
  • dpv:CertificationSeal: Certifications, seals, and marks indicating compliance to regulations or practices go to full definition
    • dpv:Certification: Certification mechanisms, seals, and marks for the purpose of demonstrating compliance go to full definition
    • dpv:Seal: A seal or a mark indicating proof of certification to some certification or standard go to full definition
  • dpv:Consultation: Consultation is a process of receiving feedback, advice, or opinion from an external agency go to full definition
    • dpv:ConsultationWithAuthority: Consultation with an authority or authoritative entity go to full definition
    • dpv:ConsultationWithDataSubject: Consultation with data subject(s) or their representative(s) go to full definition
      • dpv:ConsultationWithDataSubjectRepresentative: Consultation with representative of data subject(s) go to full definition
    • dpv:ConsultationWithDPO: Consultation with Data Protection Officer(s) go to full definition
  • dpv:DigitalLiteracy: Providing skills, knowledge, and understanding to enable reading, writing, analysing, reasoning, and communicating regarding digital technologies and their implications go to full definition
    • dpv:AILiteracy: Providing skills, knowledge, and understanding to enable reading, writing, analysing, reasoning, and communicating regarding AI go to full definition
    • dpv:DataLiteracy: Providing skills, knowledge, and understanding to enable reading, writing, analysing, reasoning, and communicating regarding data go to full definition
  • dpv:GovernanceProcedures: Procedures related to governance (e.g. organisation, unit, team, process, system) go to full definition
    • dpv:AssetManagementProcedures: Procedures related to management of assets go to full definition
    • dpv:ComplianceMonitoring: Monitoring of compliance (e.g. internal policy, regulations) go to full definition
    • dpv:DisasterRecoveryProcedures: Procedures related to management of disasters and recovery go to full definition
    • dpv:IncidentManagementProcedures: Procedures related to management of incidents go to full definition
    • dpv:IncidentReportingCommunication: Procedures related to management of incident reporting go to full definition
    • dpv:Policy: A guidance document outlining any of: procedures, plans, principles, decisions, intent, or protocols. go to full definition
    • dpv:ReviewProcedure: A procedure or process that reviews the correctness and validity of other procedures and policies e.g. to ensure continued validity, adequacy for intended purposes, and conformance of processes with findings go to full definition
      • dpv:ReviewImpactAssessment: Procedures to review impact assessments in terms of continued validity, adequacy for intended purposes, and conformance of processes with findings go to full definition
    • dpv:StandardsConformance: Purposes associated with activities undertaken to ensure or achieve conformance with standards go to full definition
  • dpv:GuidelinesPrinciple: Guidelines or Principles regarding processing and operational measures go to full definition
    • dpv:CodeOfConduct: A set of rules or procedures outlining the norms and practices for conducting activities go to full definition
    • dpv:DesignStandard: A set of rules or guidelines outlining criterias for design go to full definition
    • dpv:Guideline: Practices that specify how activities must be conducted go to full definition
    • dpv:Principle: A representation of values or norms that must be taken into consideration when conducting activities go to full definition
    • dpv:PrivacyByDefault: Practices regarding setting the default configurations of information and services to implement data protection and privacy (synonymous with Data Protection by Default) go to full definition
    • dpv:PrivacyByDesign: Practices regarding incorporating data protection and privacy in the design of information and services (synonymous with Data Protection by Design) go to full definition
  • dpv:Notice: A notice is an artefact for providing information, choices, or controls go to full definition
    • dpv:DataTransferNotice: Notice for the legal entity for the transfer of its data go to full definition
    • dpv:PrivacyNotice: Represents a notice or document outlining information regarding privacy go to full definition
    • dpv:SecurityIncidentNotice: A notice providing information about security incident(s) go to full definition
      • dpv:DataBreachNotice: A notice providing information about data breach(es) i.e. unauthorised transfer, access, use, or modification of data go to full definition
  • dpv:Notification: Notification represents the provision of a notice i.e. notifying go to full definition
    • dpv:SecurityIncidentNotification: Notification of information about security incident(s) go to full definition
      • dpv:DataBreachNotification: Notification of information about data breach(es) i.e. unauthorised transfer, access, use, or modification of data go to full definition
  • dpv:RecordsOfActivities: Records of activities within some context such as maintenance tasks or governance functions go to full definition
  • dpv:RightsManagement: Methods associated with rights management where 'rights' refer to controlling who can do what with a resource go to full definition
    • dpv:DataSubjectRightsManagement: Methods to provide, implement, and exercise data subjects' rights go to full definition
    • dpv:IPRManagement: Management of Intellectual Property Rights with a view to identify and safeguard and enforce them go to full definition
    • dpv:PermissionManagement: Methods to obtain, provide, modify, and withdraw permissions along with maintaining a record of permissions, retrieving records, and processing changes in permission states go to full definition
      • dpv:ConsentManagement: Methods to obtain, provide, modify, and withdraw consent along with maintaining a record of consent, retrieving records, and processing changes in consent states go to full definition
  • dpv:Safeguard: A safeguard is a precautionary measure for the protection against or mitigation of negative effects go to full definition
    • dpv:RegulatorySandbox: Mechanism used by regulators and businesses for gauging the compatibility of regulations and innovative products, particularly in the context of digitalisation, in a controlled real-world environment with appropriate safeguards in place go to full definition
    • dpv:SafeguardForDataTransfer: Represents a safeguard used for data transfer. Can include technical or organisational measures. go to full definition
  • dpv:SecurityProcedure: Procedures associated with assessing, implementing, and evaluating security go to full definition
    • dpv:AuthorisationProcedure: Procedures for determining authorisation through permission or authority go to full definition
      • dpv:CredentialManagement: Management of credentials and their use in authorisations go to full definition
      • dpv:IdentityManagementMethod: Management of identity and identity-based processes go to full definition
    • dpv:BackgroundChecks: Procedure where the background of an entity is assessed to identity vulnerabilities and threats due to their current or intended role go to full definition
    • dpv:DataSecurityManagement: Measures associated with management of data security go to full definition
    • dpv:SecureProcessingEnvironment: A physical or virtual environment supported by organisational means that integrates security and compliance requirements and allows supervising data processing actions go to full definition
    • dpv:SecurityRoleProcedures: Procedures related to security roles go to full definition
    • dpv:ThirdPartySecurityProcedures: Procedures related to security associated with Third Parties go to full definition
  • dpv:StaffTraining: Practices and policies regarding training of staff members go to full definition
    • dpv:CybersecurityTraining: Training methods related to cybersecurity go to full definition
    • dpv:DataProtectionTraining: Training intended to increase knowledge regarding data protection go to full definition
    • dpv:EducationalTraining: Training methods that are intended to provide education on topic(s) go to full definition
    • dpv:ProfessionalTraining: Training methods that are intended to provide professional knowledge and expertise go to full definition
    • dpv:SecurityKnowledgeTraining: Training intended to increase knowledge regarding security go to full definition
  • dpv:SupportEntityDecisionMaking: Supporting entities, including individuals, in making decisions go to full definition
    • dpv:SupportContractNegotiation: Supporting entities, including individuals, with negotiating a contract and its terms and conditions go to full definition
    • dpv:SupportExchangeOfViews: Supporting individuals and entities in exchanging views e.g. regarding data processing purposes for their best interests go to full definition
    • dpv:SupportInformedConsentDecision: Supporting individuals with making a decision regarding their informed consent go to full definition

10.4 Physical Measures

  • dpv:EnvironmentalProtection: Physical protection against environmental threats such as fire, floods, storms, etc. go to full definition
  • dpv:PhysicalAuthentication: Physical implementation of authentication e.g. by matching the person to their ID card go to full definition
  • dpv:PhysicalAuthorisation: Physical implementation of authorisation e.g. by stamping a visitor pass go to full definition
  • dpv:PhysicalDeviceSecurity: Physical protection for devices and equipment go to full definition
  • dpv:PhysicalInterceptionProtection: Physical protection against interception e.g. by posting a guard go to full definition
  • dpv:PhysicalInterruptionProtection: Physical protection against interruptions e.g. electrical supply interruption go to full definition
  • dpv:PhysicalNetworkSecurity: Physical protection for networks and networking related infrastructure e.g. by isolating networking equipments go to full definition
  • dpv:PhysicalSecureStorage: Physical protection for storage of information or equipment e.g. secure storage for files go to full definition
  • dpv:PhysicalSupplySecurity: Physically securing the supply of resources go to full definition
  • dpv:PhysicalSurveillance: Physically monitoring areas via surveillance go to full definition

12. Location & Jurisdiction

Figure 16
Note

Please refer to location & jurisdiction page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the location & jurisdiction concepts.

To represent location, the concept Location along with relations hasLocation is provided. For geo-political locations, the concepts such as Country and SupraNationalUnion are provided, with hasCountry and ThirdCountry with hasThirdCountry provided for convenience in common uses (e.g. data storage, transfers).

To define contextual location concepts, such as there being several locations, or that the location is 'local' to an event, DPV provides two concepts. LocationFixture specifies whether the location is 'fixed' or 'deterministic', with subtypes for fixed single, fixed multiple, and variable locations. LocationLocality specifies whether the location is 'local' within the context, with subtypes for local, remote, within a device, or in cloud.

To represent locations as jurisdictions, the relation hasJurisdiction is provided. The concept Law represents an official or authoritative law or regulation created by a government or an authority. To indicate applicability of laws within a jurisdiction, the relation hasApplicableLaw is provided.

The Legal Jurisdiction-relevant concepts for DPV provides taxonomies extending these concepts, such as to represent specific countries, their laws, authorities, memberships, adequacy decisions, and other information.

13. Risk and Impact Assessment

Figure 17
Note

Please refer to risk page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the risk concepts.

For risk management, DPV's provides a lightweight risk ontology based on commonly utilised concepts regarding risk mitigation and risk management. While these concepts permit rudimentary association of risks and mitigations within a use-case, it is important to note that DPV (currently) does not provide comprehensive concepts for risk management.

For more developed representations of risk assessment, mitigation, and management vocabularies, we suggest the adoption of relevant standards, such as the ISO/IEC 31000 series, and welcome contribution for their representation within DPV through Risk Assessment and Management concepts for DPV.

14. Rights and Rights Exercise

Figure 18
Note

Please refer to rights page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the rights concepts.

The concept Right represents a normative concept for what is permissible or necessary in accordance with a system such as laws. To associate rights with concepts that are relevant or within which those rights occur, the relation hasRight is used. Rights can be passive, which means they are always applicable without requiring anything to be done, or active where they require some action to be taken to initiate or exercise them. To represent these concepts, DPV uses PassiveRight and ActiveRight respectively. Rights can be applicable to different contexts or entities. To differentiate rights applicable or afforded to data subjects, the concept DataSubjectRight is used.

The information regarding hwo to exercise a right is provided through RightExerciseNotice and associated using the isExercisedAt relation. This information can specify contextual information through use of other concepts such as PersonalDataHandling to denote a necessary Purpose of IdentityVerification as part of the rights exercise.

A RightExerciseActivity represents a concrete instance of a right being exercised. It can include contextual information such as timestamps, durations, entities, etc. that can be part of record-keeping. An activity can be a single step related to rights exercise -- such as the initial request to exercise that right, or its acknowledgement, or the final step taken to fulfil the right (e.g. provide some information), or it can also be a single activity describing the entire rights exercise process(es). To collate related activities associated with a rights exercise (e.g. associated with a specific data subject or a specific request), the concept RightExerciseRecord is useful. The information provided to describe or in fulfilment of a right exercise is represented by RightFulfilmentNotice and that associated when a right exercise cannot be fulfilled is represented by RightNonFulfilmentNotice.

15. Rules

Figure 19
Note

Please refer to rules page for additional documentation, examples, references, and best practices. This document provides only a brief summary of the rules concepts.

DPV provides the concept Rule to specify requirements, constraints, and other forms of 'rules' that are associated with specific contexts (e.g., processing activities) using the relation hasRule. DPV provides three forms of Rules to represent Permission, Prohibition and Obligation, and their corresponding relations hasPermission, hasProhibition and hasObligation, to indicate a Rule that specifies whether something is permitted, prohibited or an obligation, respectively. DPV does not define additional semantics for rules and limits its scope and focus to provide a simple way to specify permissions, prohibitions, and obligations as common rules associated with activities. For a more extensive and richer set of semantics and concepts to represent rules, DPVCG suggests looking towards other languages, such as [ODRL], [SHACL], and [RuleML] that have been developed with the specific goal of representing and applying rules. We welcome contributions for aligning DPV with these, and for providing guidance on how to complement DPV's rule-based concepts with external languages.

16. Extensions

Figure 20 Structure of DPV vocabularies where DPV defines the core concepts which are then extended in specific extensions

To supplement the concepts and taxonomies in [DPV] for specific applications, use-cases, or to provide separation for better management of terms, we provide several extensions to the DPV.

16.1 Personal Data (PD)

Personal Data categories for DPV provides additional concepts that extend the DPV's personal data taxonomy based on an opinionated structure contributed by R. Jason Cronk from EnterPrivacy. This separation is to enable adopters to decide whether the extension's concepts are useful to them, or to use other external vocabularies, or define their own.

Concepts within [PD] are broadly structured in top-down fashion by utilising their relevance and origin as:

16.2 Locations (LOC)

Location and Geo-Political Membership concepts for DPV provides additional concepts regarding locations such as countries and regions based on the ISO 3166 standards. It enables representing information such as processing takes place within Ireland, represented by loc:IE, or within European Union (EU) by using loc:EU. We are working on expanding this list to also specify regions, cities, and other pertinent location details, and welcome participation and contributions for this.

16.3 Risk Management (RISK)

Risk Assessment and Management concepts for DPV builds on top of the lightweight risk framework within DPV by providing the following extensive concepts related to risk assessment and management. We are in the process of identifying additional concepts and taxonomies for the risk extension, such as for risk management procedures and the creation of a risk ontology based on ISO standards.

16.4 Technologies (TECH)

Technology concepts for DPV extends the DPV's terms to represent further specific details regarding technologies, their management, and relevance to actual real-world tools and systems. It provides concepts for the following:

The intention and aim of developing the TECH extension is to describe real-world tools and services, such as a specific cloud storage provider, and provide categorisation and metadata to connect it to DPV's concepts, such as to indicate the cloud storage instance features encryption at rest as a technical measure. Through these, the management and documentation of use-cases can be made easier by providing the relationships between tools/services and technical measures as a 'knowledge graph'.

16.5 Artificial Intelligence (AI)

AI Technology concepts for DPV is an extension under development which will further extend the [TECH] extension to represent concepts associated with AI. These will include representation of:

16.6 Justifications

Concepts representing Justifications for DPV provides concepts for use as 'justifications' with DPV. For example, where a right cannot be fulfilled, a justification such as 'identity could not be verified' is represented using a specific concept.

Notes

This document is based on inspiration from the following:

17. Vocabulary Index

17.1 Classes

17.1.1 Academic Research

Term AcademicResearch Prefix dpv
Label Academic Research
IRI https://w3id.org/dpv#AcademicResearch
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:ResearchAndDevelopmentdpv:Purpose
Object of relation dpv:hasPurpose
Definition Purposes associated with conducting or assisting with research conducted in an academic context e.g. within universities
Related svpu:Education
Date Created 2019-04-05
Contributors Harshvardhan J. Pandit, Javier Fernández, Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Simon Steyskal
See More: section PURPOSES in DPV

17.1.2 Academic or Scientific Organisation

Term AcademicScientificOrganisation Prefix dpv
Label Academic or Scientific Organisation
IRI https://w3id.org/dpv#AcademicScientificOrganisation
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Organisationdpv:LegalEntitydpv:Entity
Object of relation dpv:hasEntity, dpv:hasResponsibleEntity, dpv:hasSubsidiary, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor, dpv:isSubsidiaryOf
Definition Organisations related to academia or scientific pursuits e.g. Universities, Schools, Research Bodies
Source ADMS controlled vocabulary
Date Created 2022-02-02
Date Modified 2020-10-05
Contributors Harshvardhan J. Pandit
See More: section ENTITIES-ORGANISATION in DPV

17.1.3 Access

Term Access Prefix dpv
Label Access
IRI https://w3id.org/dpv#Access
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Usedpv:Processing
Object of relation dpv:hasProcessing
Definition to access data
Date Created 2022-06-15
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section PROCESSING in DPV

17.1.4 Access Control Method

Term AccessControlMethod Prefix dpv
Label Access Control Method
IRI https://w3id.org/dpv#AccessControlMethod
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Methods which restrict access to a place or resource
Examples dex:E0020 :: Using technical measure: Protecting data using encryption and access control
Date Created 2019-04-05
Contributors Axel Polleres, Rob Brennan, Harshvardhan J. Pandit, Mark Lizar
See More: section TOM-TECHNICAL in DEX

17.1.5 Account Management

Term AccountManagement Prefix dpv
Label Account Management
IRI https://w3id.org/dpv#AccountManagement
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:Purpose
Object of relation dpv:hasPurpose
Definition Account Management refers to purposes associated with account management, such as to create, provide, maintain, and manage accounts
Date Created 2021-09-08
Contributors Georg P. Krog, Harshvardhan J. Pandit, Beatriz Esteves
See More: section PURPOSES in DPV

17.1.6 Acquire

Term Acquire Prefix dpv
Label Acquire
IRI https://w3id.org/dpv#Acquire
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Obtaindpv:Processing
Object of relation dpv:hasProcessing
Definition to come into possession or control of the data
Source GDPR Art.4-2
Date Created 2019-05-07
See More: section PROCESSING in DPV

17.1.7 Actively Involved

Term ActivelyInvolved Prefix dpv
Label Actively Involved
IRI https://w3id.org/dpv#ActivelyInvolved
Type rdfs:Class, skos:Concept, dpv:InvolvementStatus
Broader/Parent types dpv:InvolvementStatusdpv:Statusdpv:Context
Object of relation dpv:hasContext, dpv:hasInvolvement, dpv:hasStatus
Definition Status indicating the specified context is 'actively' involved
Usage Note An example of active involvement is a person directly using a system to enter information
Date Created 2024-05-10
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Georg P. Krog, Paul Ryan
See More: section CONTEXT-STATUS in DPV

17.1.8 Active Right

Term ActiveRight Prefix dpv
Label Active Right
IRI https://w3id.org/dpv#ActiveRight
Type rdfs:Class, skos:Concept, dpv:Right
Broader/Parent types dpv:Right
Subject of relation dpv:isExercisedAt
Object of relation dpv:hasRight
Definition The right(s) applicable, provided, or expected that need to be (actively) exercised
Usage Note Active rights require the entity to expressly exercise them. For example, a Data Subject exercising their right to withdraw their consent.
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit, Beatriz Esteves, Georg P. Krog, Paul Ryan
See More: section RIGHTS in DPV

17.1.9 Activity Completed

Term ActivityCompleted Prefix dpv
Label Activity Completed
IRI https://w3id.org/dpv#ActivityCompleted
Type rdfs:Class, skos:Concept, dpv:ActivityStatus
Broader/Parent types dpv:ActivityStatusdpv:Statusdpv:Context
Object of relation dpv:hasActivityStatus, dpv:hasContext, dpv:hasStatus
Definition State of an activity that has completed i.e. is fully in the past
Date Created 2022-05-18
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.10 Activity Halted

Term ActivityHalted Prefix dpv
Label Activity Halted
IRI https://w3id.org/dpv#ActivityHalted
Type rdfs:Class, skos:Concept, dpv:ActivityStatus
Broader/Parent types dpv:ActivityStatusdpv:Statusdpv:Context
Object of relation dpv:hasActivityStatus, dpv:hasContext, dpv:hasStatus
Definition State of an activity that was occuring in the past, and has been halted or paused or stopped
Date Created 2022-05-18
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.11 Activity Monitoring

Term ActivityMonitoring Prefix dpv
Label Activity Monitoring
IRI https://w3id.org/dpv#ActivityMonitoring
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Monitoring of activities including assessing whether they have been successfully initiated and completed
Source ENISA Reference Incident Classification Taxonomy 2018
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-TECHNICAL in DPV

17.1.12 Activity Not Completed

Term ActivityNotCompleted Prefix dpv
Label Activity Not Completed
IRI https://w3id.org/dpv#ActivityNotCompleted
Type rdfs:Class, skos:Concept, dpv:ActivityStatus
Broader/Parent types dpv:ActivityStatusdpv:Statusdpv:Context
Object of relation dpv:hasActivityStatus, dpv:hasContext, dpv:hasStatus
Definition State of an activity that could not be completed, but has reached some end state
Usage Note This relates to a 'Stop' state as distinct from a 'Halt' state. It makes no comments on whether the Activity can be resumed or continued towards completion.
Date Created 2022-11-30
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.13 Activity Ongoing

Term ActivityOngoing Prefix dpv
Label Activity Ongoing
IRI https://w3id.org/dpv#ActivityOngoing
Type rdfs:Class, skos:Concept, dpv:ActivityStatus
Broader/Parent types dpv:ActivityStatusdpv:Statusdpv:Context
Object of relation dpv:hasActivityStatus, dpv:hasContext, dpv:hasStatus
Definition State of an activity occurring in continuation i.e. currently ongoing
Date Created 2022-05-18
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.14 Activity Planned

Term ActivityPlanned Prefix dpv
Label Activity Planned
IRI https://w3id.org/dpv#ActivityPlanned
Type rdfs:Class, skos:Concept, dpv:ActivityStatus
Broader/Parent types dpv:ActivityStatusdpv:Statusdpv:Context
Object of relation dpv:hasActivityStatus, dpv:hasContext, dpv:hasStatus
Definition State of an activity being planned with concrete plans for implementation
Date Created 2024-05-19
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.15 Activity Proposed

Term ActivityProposed Prefix dpv
Label Activity Proposed
IRI https://w3id.org/dpv#ActivityProposed
Type rdfs:Class, skos:Concept, dpv:ActivityStatus
Broader/Parent types dpv:ActivityStatusdpv:Statusdpv:Context
Object of relation dpv:hasActivityStatus, dpv:hasContext, dpv:hasStatus
Definition State of an activity being proposed without any concrete plans for implementation
Date Created 2022-05-18
Date Modified 2024-05-19
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.16 Activity Status

Term ActivityStatus Prefix dpv
Label Activity Status
IRI https://w3id.org/dpv#ActivityStatus
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Statusdpv:Context
Object of relation dpv:hasActivityStatus, dpv:hasContext, dpv:hasStatus
Definition Status associated with activity operations and lifecycles
Examples dex:E0054 :: Specifying status associated with activities
Date Created 2022-05-18
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DEX

17.1.17 Adapt

Term Adapt Prefix dpv
Label Adapt
IRI https://w3id.org/dpv#Adapt
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Transformdpv:Processing
Object of relation dpv:hasProcessing
Definition to modify the data, often rewritten into a new form for a new use
Source GDPR Art.4-2
Date Created 2019-05-07
See More: section PROCESSING in DPV

17.1.18 Adult

Term Adult Prefix dpv
Label Adult
IRI https://w3id.org/dpv#Adult
Type rdfs:Class, skos:Concept, dpv:DataSubject
Broader/Parent types dpv:DataSubjectdpv:LegalEntitydpv:Entity
Object of relation dpv:hasDataSubject, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor
Definition A natural person that is not a child i.e. has attained some legally specified age of adulthood
Date Created 2022-03-30
Contributors Georg P. Krog
See More: section ENTITIES-DATASUBJECT in DPV

17.1.19 Advertising

Term Advertising Prefix dpv
Label Advertising
IRI https://w3id.org/dpv#Advertising
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:Marketingdpv:Purpose
Object of relation dpv:hasPurpose
Definition Purposes associated with conducting advertising i.e. process or artefact used to call attention to a product, service, etc. through announcements, notices, or other forms of communication
Usage Note Advertising is a subset of Marketing. Advertising by itself does not indicate 'personalisation' i.e. personalised ads.
Date Created 2020-11-04
Contributors Georg P. Krog, Harshvardhan J. Pandit, Beatriz Esteves
See More: section PURPOSES in DPV

17.1.20 Age Verification

Term AgeVerification Prefix dpv
Label Age Verification
IRI https://w3id.org/dpv#AgeVerification
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:Verificationdpv:EnforceSecuritydpv:Purpose
Object of relation dpv:hasPurpose
Definition Purposes associated with verifying or authenticating age or age related information as a form of security
Usage Note Age Verification can include verification of the exact age, e.g. being 21 years old, a date, e.g. birth date is 01 January 1969, or a condition, e.g. age is over 21 years and the person is an adult. Specific dedicated resources should be used to further express information and processes associated with Age Verification, for example the Age Verification Vocabulary https://w3id.org/age/
Date Created 2024-02-14
Contributors Beatriz Esteves, Arthit Suriyawongkul, Harshvardhan J. Pandit
See More: section PURPOSES in DPV

17.1.21 Aggregate

Term Aggregate Prefix dpv
Label Aggregate
IRI https://w3id.org/dpv#Aggregate
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Alterdpv:Transformdpv:Processing
Object of relation dpv:hasProcessing
Definition to aggregate data
Source SPECIAL Project
Related svpr:Aggregate
Date Created 2024-04-14
Contributors Beatriz Esteves, Harshvardhan J. Pandit
See More: section PROCESSING in DPV

17.1.22 AI Literacy

Term AILiteracy Prefix dpv
Label AI Literacy
IRI https://w3id.org/dpv#AILiteracy
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:DigitalLiteracydpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Providing skills, knowledge, and understanding to enable reading, writing, analysing, reasoning, and communicating regarding AI
Date Created 2024-05-17
Contributors Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.23 Algorithmic Logic

Term AlgorithmicLogic Prefix dpv
Label Algorithmic Logic
IRI https://w3id.org/dpv#AlgorithmicLogic
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:ProcessingContextdpv:Context
Object of relation dpv:hasAlgorithmicLogic, dpv:hasContext
Definition The algorithmic logic applied or used
Usage Note Algorithmic Logic is intended as a broad concept for explaining the use of algorithms and automated decisions making within Processing. To describe the actual algorithm, see the Algorithm concept.
Date Created 2022-01-26
Date Modified 2023-12-10
Contributors Harshvardhan J. Pandit
See More: section PROCESSING-CONTEXT in DPV

17.1.24 Align

Term Align Prefix dpv
Label Align
IRI https://w3id.org/dpv#Align
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Transformdpv:Processing
Object of relation dpv:hasProcessing
Definition to adjust the data to be in relation to another data
Source GDPR Art.4-2
Date Created 2019-05-07
See More: section PROCESSING in DPV

17.1.25 Alter

Term Alter Prefix dpv
Label Alter
IRI https://w3id.org/dpv#Alter
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Transformdpv:Processing
Object of relation dpv:hasProcessing
Definition to change the data without changing it into something else
Source GDPR Art.4-2
Date Created 2019-05-07
See More: section PROCESSING in DPV

17.1.26 Analyse

Term Analyse Prefix dpv
Label Analyse
IRI https://w3id.org/dpv#Analyse
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Usedpv:Processing
Object of relation dpv:hasProcessing
Definition to study or examine the data in detail
Source SPECIAL Project
Related svpr:Analyse
Date Created 2019-05-07
See More: section PROCESSING in DPV

17.1.27 Anonymisation

Term Anonymisation Prefix dpv
Label Anonymisation
IRI https://w3id.org/dpv#Anonymisation
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:Deidentificationdpv:DataSanitisationTechniquedpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Anonymisation is the process by which data is irreversibly altered in such a way that a data subject can no longer be identified directly or indirectly, either by the entity holding the data alone or in collaboration with other entities and information sources
Source ISO 29100:2011
Date Created 2019-04-05
Date Modified 2022-11-24
Contributors Axel Polleres, Rob Brennan, Harshvardhan J. Pandit, Mark Lizar, Maya Borges, Damien Desfontaines
See More: section TOM-TECHNICAL in DPV

17.1.28 Anonymise

Term Anonymise Prefix dpv
Label Anonymise
IRI https://w3id.org/dpv#Anonymise
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Transformdpv:Processing
Object of relation dpv:hasProcessing
Definition to irreversibly alter personal data in such a way that an unique data subject can no longer be identified directly or indirectly or in combination with other data
Source SPECIAL Project
Related svpr:Anonymise
Date Created 2019-05-07
See More: section PROCESSING in DPV

17.1.29 Anonymised Data

Term AnonymisedData Prefix dpv
Label Anonymised Data
IRI https://w3id.org/dpv#AnonymisedData
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:NonPersonalDatadpv:Data
Object of relation dpv:hasData
Definition Personal Data that has been (fully and completely) anonymised so that it is no longer considered Personal Data
Usage Note It is advised to carefully consider indicating data is fully or completely anonymised by determining whether the data by itself or in combination with other data can identify a person. Failing this condition, the data should be denoted as PseudonymisedData. To indicate data is anonymised only for a specified entity (e.g. within an organisation), the concept ContextuallyAnonymisedData (as subclass of PseudonymisedData) should be used instead of AnonymisedData.
Date Created 2022-01-19
Contributors Piero Bonatti
See More: section PERSONAL-DATA in DPV

17.1.30 Applicability

Term Applicability Prefix dpv
Label Applicability
IRI https://w3id.org/dpv#Applicability
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Context
Object of relation dpv:hasApplicability, dpv:hasContext
Definition Concept provided to represent indication of cases where the information or context is not applicable (N/A) or not available or this is not known or determined yet. If the information is applicable and available, this concept should not be used.
Usage Note These concepts are useful in closed-world interpretations, for example in forms where a field must have a value to explicitly denote it is not applicable or the information is not available yet.
Examples dex:E0053 :: Specifying applicability of information
Date Created 2023-08-24
Contributors Harshvardhan J. Pandit
See More: section CONTEXT in DEX

17.1.31 Applicant

Term Applicant Prefix dpv
Label Applicant
IRI https://w3id.org/dpv#Applicant
Type rdfs:Class, skos:Concept, dpv:DataSubject
Broader/Parent types dpv:DataSubjectdpv:LegalEntitydpv:Entity
Object of relation dpv:hasDataSubject, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor
Definition Data subjects that are applicants in some context
Date Created 2022-04-06
Contributors Harshvardhan J. Pandit, Georg P. Krog, Julian Flake, Paul Ryan, Beatriz Esteves
See More: section ENTITIES-DATASUBJECT in DPV

17.1.32 Assess

Term Assess Prefix dpv
Label Assess
IRI https://w3id.org/dpv#Assess
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Usedpv:Processing
Object of relation dpv:hasProcessing
Definition to assess data for some criteria
Date Created 2022-06-15
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section PROCESSING in DPV

17.1.33 Assessment

Term Assessment Prefix dpv
Label Assessment
IRI https://w3id.org/dpv#Assessment
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasAssessment, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition The document, plan, or process for assessment or determination towards a purpose e.g. assessment of legality or impact assessments
Date Created 2021-09-08
Contributors Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.34 Asset Management Procedures

Term AssetManagementProcedures Prefix dpv
Label Asset Management Procedures
IRI https://w3id.org/dpv#AssetManagementProcedures
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:GovernanceProceduresdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Procedures related to management of assets
Source ENISA 5G Cybersecurity Standards
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.35 Assistive Automation

Term AssistiveAutomation Prefix dpv
Label Assistive Automation
IRI https://w3id.org/dpv#AssistiveAutomation
Type rdfs:Class, skos:Concept, dpv:AutomationLevel
Broader/Parent types dpv:AutomationLeveldpv:ProcessingContextdpv:Context
Object of relation dpv:hasAutomationLevel, dpv:hasContext
Definition Level of automation corresponding to Level 1 in ISO/IEC 22989:2022 where automation is limited to parts of the system or a specific part of the system in a manner that does not change the control of the human in using/driving the system
Usage Note Human Involvement is implied here, specifically the ability to make decisions regarding operations, but also possibly for intervention, oversight, and verification
Source ISO/IEC 22989:2022 Artificial intelligence concepts and terminology
Date Created 2023-12-10
Date Modified 2024-04-20
Contributors Harshvardhan J. Pandit, Delaram Golpayegani
See More: section PROCESSING-CONTEXT in DPV

17.1.36 Asylum Seeker

Term AsylumSeeker Prefix dpv
Label Asylum Seeker
IRI https://w3id.org/dpv#AsylumSeeker
Type rdfs:Class, skos:Concept, dpv:DataSubject
Broader/Parent types dpv:VulnerableDataSubjectdpv:DataSubjectdpv:LegalEntitydpv:Entity
Object of relation dpv:hasDataSubject, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor
Definition Data subjects that are asylum seekers
Date Created 2022-06-15
Contributors Georg P. Krog
See More: section ENTITIES-DATASUBJECT in DPV

17.1.37 Asymmetric Cryptography

Term AsymmetricCryptography Prefix dpv
Label Asymmetric Cryptography
IRI https://w3id.org/dpv#AsymmetricCryptography
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:CryptographicMethodsdpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Use of public-key cryptography or asymmetric cryptography involving a public and private pair of keys
Source ENISA Reference Incident Classification Taxonomy 2018
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-TECHNICAL in DPV

17.1.38 Asymmetric Encryption

Term AsymmetricEncryption Prefix dpv
Label Asymmetric Encryption
IRI https://w3id.org/dpv#AsymmetricEncryption
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:Encryptiondpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Use of asymmetric cryptography to encrypt data
Source ENISA Data Pseudonymisation: Advanced Techniques and Use Cases
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-TECHNICAL in DPV

17.1.39 Audit Approved

Term AuditApproved Prefix dpv
Label Audit Approved
IRI https://w3id.org/dpv#AuditApproved
Type rdfs:Class, skos:Concept, dpv:AuditStatus
Broader/Parent types dpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition State of being approved through the audit
Date Created 2022-05-18
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.40 Audit Conditionally Approved

Term AuditConditionallyApproved Prefix dpv
Label Audit Conditionally Approved
IRI https://w3id.org/dpv#AuditConditionallyApproved
Type rdfs:Class, skos:Concept, dpv:AuditStatus
Broader/Parent types dpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition State of being conditionally approved through the audit
Usage Note A "conditional approval" is intended to reflect states where the audit has identified further changes which must be implemented before considering the audit has been 'passed', without requiring another audit to validate them. This is distinct from the case where an audit has state 'rejected', which means changes must be made and submitted for review. The requirements of a 'conditional acceptance' are expected to be minor or not significant enough to warrant another audit to review them.
Date Created 2022-06-29
Contributors Paul Ryan
See More: section CONTEXT-STATUS in DPV

17.1.41 Audit Not Required

Term AuditNotRequired Prefix dpv
Label Audit Not Required
IRI https://w3id.org/dpv#AuditNotRequired
Type rdfs:Class, skos:Concept, dpv:AuditStatus
Broader/Parent types dpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition State where an audit is determined as not being required
Date Created 2022-05-18
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.42 Audit Rejected

Term AuditRejected Prefix dpv
Label Audit Rejected
IRI https://w3id.org/dpv#AuditRejected
Type rdfs:Class, skos:Concept, dpv:AuditStatus
Broader/Parent types dpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition State of not being approved or being rejected through the audit
Date Created 2022-05-18
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.43 Audit Requested

Term AuditRequested Prefix dpv
Label Audit Requested
IRI https://w3id.org/dpv#AuditRequested
Type rdfs:Class, skos:Concept, dpv:AuditStatus
Broader/Parent types dpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition State of an audit being requested whose outcome is not yet known
Date Created 2022-05-18
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.44 Audit Required

Term AuditRequired Prefix dpv
Label Audit Required
IRI https://w3id.org/dpv#AuditRequired
Type rdfs:Class, skos:Concept, dpv:AuditStatus
Broader/Parent types dpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition State where an audit is determined as being required but has not been conducted
Date Created 2022-05-18
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.45 Audit Status

Term AuditStatus Prefix dpv
Label Audit Status
IRI https://w3id.org/dpv#AuditStatus
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Status associated with Auditing or Investigation
Examples dex:E0056 :: Specifying the audit status associated with a DPIA
dex:E0057 :: Expressing GDPR Right to Data Portability could not be fulfilled due to Identity Verification failure
Date Created 2022-05-18
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DEX

17.1.46 Authentication using ABC

Term Authentication-ABC Prefix dpv
Label Authentication using ABC
IRI https://w3id.org/dpv#Authentication-ABC
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:CryptographicAuthenticationdpv:AuthenticationProtocolsdpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types dpv:CryptographicAuthenticationdpv:CryptographicMethodsdpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Use of Attribute Based Credentials (ABC) to perform and manage authentication
Source ENISA Data Protection Engineering
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-TECHNICAL in DPV

17.1.47 Authentication using PABC

Term Authentication-PABC Prefix dpv
Label Authentication using PABC
IRI https://w3id.org/dpv#Authentication-PABC
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:CryptographicAuthenticationdpv:AuthenticationProtocolsdpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types dpv:CryptographicAuthenticationdpv:CryptographicMethodsdpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Use of Privacy-enhancing Attribute Based Credentials (ABC) to perform and manage authentication
Source ENISA Data Protection Engineering
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-TECHNICAL in DPV

17.1.48 Authentication Protocols

Term AuthenticationProtocols Prefix dpv
Label Authentication Protocols
IRI https://w3id.org/dpv#AuthenticationProtocols
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Protocols involving validation of identity i.e. authentication of a person or information
Date Created 2019-04-05
Contributors Axel Polleres, Rob Brennan, Harshvardhan J. Pandit, Mark Lizar
See More: section TOM-TECHNICAL in DPV

17.1.49 Authorisation Procedure

Term AuthorisationProcedure Prefix dpv
Label Authorisation Procedure
IRI https://w3id.org/dpv#AuthorisationProcedure
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:SecurityProceduredpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Procedures for determining authorisation through permission or authority
Usage Note non-technical authorisation procedures: How is it described on an organisational level, who gets access to the data
Date Created 2019-04-05
Contributors Axel Polleres, Rob Brennan, Harshvardhan J. Pandit, Mark Lizar
See More: section TOM-ORGANISATIONAL in DPV

17.1.50 Authorisation Protocols

Term AuthorisationProtocols Prefix dpv
Label Authorisation Protocols
IRI https://w3id.org/dpv#AuthorisationProtocols
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Protocols involving authorisation of roles or profiles to determine permission, rights, or privileges
Source ENISA Reference Incident Classification Taxonomy 2018
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-TECHNICAL in DPV

17.1.51 Authority

Term Authority Prefix dpv
Label Authority
IRI https://w3id.org/dpv#Authority
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:GovernmentalOrganisationdpv:Organisationdpv:LegalEntitydpv:Entity
Subject of relation dpv:isAuthorityFor
Object of relation dpv:hasAuthority, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:hasSubsidiary, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor, dpv:isSubsidiaryOf
Definition An authority with the power to create or enforce laws, or determine their compliance.
Date Created 2020-11-04
Contributors Georg P. Krog, Paul Ryan, Harshvardhan J. Pandit
See More: section ENTITIES-AUTHORITY in DPV

17.1.52 Authority Informed

Term AuthorityInformed Prefix dpv
Label Authority Informed
IRI https://w3id.org/dpv#AuthorityInformed
Type rdfs:Class, skos:Concept, dpv:EntityInformedStatus
Broader/Parent types dpv:EntityInformeddpv:EntityInformedStatusdpv:Statusdpv:Context
Object of relation dpv:hasContext, dpv:hasInformedStatus, dpv:hasStatus
Definition Status indicating Authority has been informed about the specified context
Date Created 2024-05-10
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Georg P. Krog, Paul Ryan
See More: section CONTEXT-STATUS in DPV

17.1.53 Authority Uninformed

Term AuthorityUninformed Prefix dpv
Label Authority Uninformed
IRI https://w3id.org/dpv#AuthorityUninformed
Type rdfs:Class, skos:Concept, dpv:EntityInformedStatus
Broader/Parent types dpv:EntityUninformeddpv:EntityInformedStatusdpv:Statusdpv:Context
Object of relation dpv:hasContext, dpv:hasInformedStatus, dpv:hasStatus
Definition Status indicating Authority is uninformed i.e. has not been informed about the specified context
Date Created 2024-05-10
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Georg P. Krog, Paul Ryan
See More: section CONTEXT-STATUS in DPV

17.1.54 Automated Decision Making

Term AutomatedDecisionMaking Prefix dpv
Label Automated Decision Making
IRI https://w3id.org/dpv#AutomatedDecisionMaking
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:DecisionMakingdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext
Definition Processing that involves automated decision making
Usage Note Automated decision making can be defined as “the ability to make decisions by technological means without human involvement.” (“Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 (wp251rev.01)”, 2018, p. 8)
Source GDPR Art.4-2
Date Created 2020-11-04
Date Modified 2022-09-07
Contributors Harshvardhan J. Pandit, Piero Bonatti
See More: section PROCESSING-CONTEXT in DPV

17.1.55 Automated Scoring of Individuals

Term AutomatedScoringOfIndividuals Prefix dpv
Label Automated Scoring of Individuals
IRI https://w3id.org/dpv#AutomatedScoringOfIndividuals
Type rdfs:Class, skos:Concept, dpv:ScoringOfIndividuals
Broader/Parent types dpv:ScoringOfIndividualsdpv:EvaluationScoringdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext
Definition Processing that involves automated scoring of individuals
Usage Note Scoring can lead to the action being considered Decision Making if the scoring is itself a decision - see 2023-MAR-16 opinion of Advocate General on Case C 634/21. Therefore, the assessment of whether scoring was automated or not is important given the legal obligations surrounding automated decision making e.g. in GDPR
Date Created 2024-04-14
Contributors Harshvardhan J. Pandit
See More: section PROCESSING-CONTEXT in DPV

17.1.56 Automation Level

Term AutomationLevel Prefix dpv
Label Automation Level
IRI https://w3id.org/dpv#AutomationLevel
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:ProcessingContextdpv:Context
Object of relation dpv:hasAutomationLevel, dpv:hasContext
Definition Indication of degree or level of automation associated with specified context
Usage Note This concept was called 'Automation' in previous versions
Examples dex:E0013 :: Spam filter as Automated Decision Making with Human Involvement
Source ISO/IEC 22989:2022 Artificial intelligence concepts and terminology
Date Created 2023-12-10
Date Modified 2024-04-20
Contributors Harshvardhan J. Pandit, Delaram Golpayegani
See More: section PROCESSING-CONTEXT in DEX

17.1.57 Autonomous

Term Autonomous Prefix dpv
Label Autonomous
IRI https://w3id.org/dpv#Autonomous
Type rdfs:Class, skos:Concept, dpv:AutomationLevel
Broader/Parent types dpv:AutomationLeveldpv:ProcessingContextdpv:Context
Object of relation dpv:hasAutomationLevel, dpv:hasContext
Definition Level of automation corresponding to Level 6 in ISO/IEC 22989:2022 where the automation in system is capable of modifying its operation domain or its goals without external intervention, control or oversight
Usage Note Though Autonomous, such operations can still be associated with dpv:HumanInvolved e.g. for inputs, oversight or verification
Source ISO/IEC 22989:2022 Artificial intelligence concepts and terminology
Date Created 2023-12-10
Date Modified 2024-04-20
Contributors Harshvardhan J. Pandit, Delaram Golpayegani
See More: section PROCESSING-CONTEXT in DPV

17.1.58 Background Checks

Term BackgroundChecks Prefix dpv
Label Background Checks
IRI https://w3id.org/dpv#BackgroundChecks
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:SecurityProceduredpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Procedure where the background of an entity is assessed to identity vulnerabilities and threats due to their current or intended role
Source ENISA 5G Cybersecurity Standards
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.59 Biometric Authentication

Term BiometricAuthentication Prefix dpv
Label Biometric Authentication
IRI https://w3id.org/dpv#BiometricAuthentication
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:AuthenticationProtocolsdpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Use of biometric data for authentication
Source ENISA Reference Incident Classification Taxonomy 2018
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-TECHNICAL in DPV

17.1.60 Cannot Challenge Process

Term CannotChallengeProcess Prefix dpv
Label Cannot Challenge Process
IRI https://w3id.org/dpv#CannotChallengeProcess
Type rdfs:Class, skos:Concept, dpv:EntityNonPermissiveInvolvement
Broader/Parent types dpv:EntityNonPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity cannot challenge the process of specified context
Usage Note Challenge refers to raising questions about validity, necessity, correctness, or other similar 'trustworthiness' attributes regarding the process or plan or implementation
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.61 Cannot Challenge Process Input

Term CannotChallengeProcessInput Prefix dpv
Label Cannot Challenge Process Input
IRI https://w3id.org/dpv#CannotChallengeProcessInput
Type rdfs:Class, skos:Concept, dpv:EntityNonPermissiveInvolvement
Broader/Parent types dpv:EntityNonPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity cannot challenge input of specified context
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.62 Cannot Challenge Process Output

Term CannotChallengeProcessOutput Prefix dpv
Label Cannot Challenge Process Output
IRI https://w3id.org/dpv#CannotChallengeProcessOutput
Type rdfs:Class, skos:Concept, dpv:EntityNonPermissiveInvolvement
Broader/Parent types dpv:EntityNonPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity cannot challenge the output of specified context
Usage Note Challenge refers to raising questions about validity, necessity, correctness, or other similar 'trustworthiness' attributes regarding the output of the process or plan or implementation (where output is distinct from the process itself)
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.63 Cannot Correct Process

Term CannotCorrectProcess Prefix dpv
Label Cannot Correct Process
IRI https://w3id.org/dpv#CannotCorrectProcess
Type rdfs:Class, skos:Concept, dpv:EntityNonPermissiveInvolvement
Broader/Parent types dpv:EntityNonPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity cannot correct the process of specified context
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.64 Cannot Correct Process Input

Term CannotCorrectProcessInput Prefix dpv
Label Cannot Correct Process Input
IRI https://w3id.org/dpv#CannotCorrectProcessInput
Type rdfs:Class, skos:Concept, dpv:EntityNonPermissiveInvolvement
Broader/Parent types dpv:EntityNonPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity cannot correct input of specified context
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.65 Cannot Correct Process Output

Term CannotCorrectProcessOutput Prefix dpv
Label Cannot Correct Process Output
IRI https://w3id.org/dpv#CannotCorrectProcessOutput
Type rdfs:Class, skos:Concept, dpv:EntityNonPermissiveInvolvement
Broader/Parent types dpv:EntityNonPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity cannot correct the output of specified context
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.66 Cannot Object to Process

Term CannotObjectToProcess Prefix dpv
Label Cannot Object to Process
IRI https://w3id.org/dpv#CannotObjectToProcess
Type rdfs:Class, skos:Concept, dpv:EntityNonPermissiveInvolvement
Broader/Parent types dpv:EntityNonPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity cannot object to process of specified context
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.67 Cannot Opt-in to Process

Term CannotOptInToProcess Prefix dpv
Label Cannot Opt-in to Process
IRI https://w3id.org/dpv#CannotOptInToProcess
Type rdfs:Class, skos:Concept, dpv:EntityNonPermissiveInvolvement
Broader/Parent types dpv:EntityNonPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity cannot opt-in to specified context
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.68 Cannot Opt-out from Process

Term CannotOptOutFromProcess Prefix dpv
Label Cannot Opt-out from Process
IRI https://w3id.org/dpv#CannotOptOutFromProcess
Type rdfs:Class, skos:Concept, dpv:EntityNonPermissiveInvolvement
Broader/Parent types dpv:EntityNonPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity cannot opt-out from specified context
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.69 Cannot Reverse Process Effects

Term CannotReverseProcessEffects Prefix dpv
Label Cannot Reverse Process Effects
IRI https://w3id.org/dpv#CannotReverseProcessEffects
Type rdfs:Class, skos:Concept, dpv:EntityNonPermissiveInvolvement
Broader/Parent types dpv:EntityNonPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity cannot reverse effects of specified context
Usage Note Effects refer to consequences and impacts arising from the process or from the outputs of a process
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.70 Cannot Reverse Process Input

Term CannotReverseProcessInput Prefix dpv
Label Cannot Reverse Process Input
IRI https://w3id.org/dpv#CannotReverseProcessInput
Type rdfs:Class, skos:Concept, dpv:EntityNonPermissiveInvolvement
Broader/Parent types dpv:EntityNonPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity cannot reverse input of specified context
Usage Note Reversion can be considered a form of correction in some instances. We welcome inputs to further explore and define this relation between correction and reversion concepts.
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.71 Cannot Reverse Process Output

Term CannotReverseProcessOutput Prefix dpv
Label Cannot Reverse Process Output
IRI https://w3id.org/dpv#CannotReverseProcessOutput
Type rdfs:Class, skos:Concept, dpv:EntityNonPermissiveInvolvement
Broader/Parent types dpv:EntityNonPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity cannot reverse output of specified context
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.72 Cannot Withdraw from Process

Term CannotWithdrawFromProcess Prefix dpv
Label Cannot Withdraw from Process
IRI https://w3id.org/dpv#CannotWithdrawFromProcess
Type rdfs:Class, skos:Concept, dpv:EntityNonPermissiveInvolvement
Broader/Parent types dpv:EntityNonPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity cannot withdraw a previously given assent from specified context
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.73 Certification

Term Certification Prefix dpv
Label Certification
IRI https://w3id.org/dpv#Certification
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:CertificationSealdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Certification mechanisms, seals, and marks for the purpose of demonstrating compliance
Date Created 2019-04-05
Contributors Axel Polleres, Rob Brennan, Harshvardhan J. Pandit, Mark Lizar
See More: section TOM-ORGANISATIONAL in DPV

17.1.74 Certification and Seal

Term CertificationSeal Prefix dpv
Label Certification and Seal
IRI https://w3id.org/dpv#CertificationSeal
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Certifications, seals, and marks indicating compliance to regulations or practices
Date Created 2019-04-05
Contributors Axel Polleres, Rob Brennan, Harshvardhan J. Pandit, Mark Lizar
See More: section TOM-ORGANISATIONAL in DPV

17.1.75 Challenging Process

Term ChallengingProcess Prefix dpv
Label Challenging Process
IRI https://w3id.org/dpv#ChallengingProcess
Type rdfs:Class, skos:Concept, dpv:EntityPermissiveInvolvement
Broader/Parent types dpv:EntityPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity can challenge the process of specified context
Usage Note Challenge refers to raising questions about validity, necessity, correctness, or other similar 'trustworthiness' attributes regarding the process or plan or implementation
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.76 Challenging Process Input

Term ChallengingProcessInput Prefix dpv
Label Challenging Process Input
IRI https://w3id.org/dpv#ChallengingProcessInput
Type rdfs:Class, skos:Concept, dpv:EntityPermissiveInvolvement
Broader/Parent types dpv:EntityPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity can challenge input of specified context
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.77 Challenging Process Output

Term ChallengingProcessOutput Prefix dpv
Label Challenging Process Output
IRI https://w3id.org/dpv#ChallengingProcessOutput
Type rdfs:Class, skos:Concept, dpv:EntityPermissiveInvolvement
Broader/Parent types dpv:EntityPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity can challenge the output of specified context
Usage Note Challenge refers to raising questions about validity, necessity, correctness, or other similar 'trustworthiness' attributes regarding the output of the process or plan or implementation (where output is distinct from the process itself)
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.78 Child

Term Child Prefix dpv
Label Child
IRI https://w3id.org/dpv#Child
Type rdfs:Class, skos:Concept, dpv:DataSubject
Broader/Parent types dpv:DataSubjectdpv:LegalEntitydpv:Entity
Object of relation dpv:hasDataSubject, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor
Definition A 'child' is a natural legal person who is below a certain legal age depending on the legal jurisdiction.
Usage Note The legality of age defining a child varies by jurisdiction. In addition, 'child' is distinct from a 'minor'. For example, the legal age for consumption of alcohol can be 21, which makes a person of age 20 a 'minor' in this context. In other cases, 'minor' and 'child' are used interchangeably to refer to a person below some legally defined age.
Date Created 2020-11-25
Date Modified 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section ENTITIES-DATASUBJECT in DPV

17.1.79 Citizen

Term Citizen Prefix dpv
Label Citizen
IRI https://w3id.org/dpv#Citizen
Type rdfs:Class, skos:Concept, dpv:DataSubject
Broader/Parent types dpv:DataSubjectdpv:LegalEntitydpv:Entity
Object of relation dpv:hasDataSubject, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor
Definition Data subjects that are citizens (for a jurisdiction)
Date Created 2022-04-06
Contributors Harshvardhan J. Pandit, Georg P. Krog, Julian Flake, Paul Ryan, Beatriz Esteves
See More: section ENTITIES-DATASUBJECT in DPV

17.1.80 City

Term City Prefix dpv
Label City
IRI https://w3id.org/dpv#City
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Regiondpv:Countrydpv:Location
Object of relation dpv:hasCountry, dpv:hasJurisdiction, dpv:hasLocation
Definition A region consisting of urban population and commerce
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-JURISDICTION in DPV

17.1.81 Client

Term Client Prefix dpv
Label Client
IRI https://w3id.org/dpv#Client
Type rdfs:Class, skos:Concept, dpv:DataSubject
Broader/Parent types dpv:Customerdpv:DataSubjectdpv:LegalEntitydpv:Entity
Object of relation dpv:hasDataSubject, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor
Definition Data subjects that are clients or recipients of services
Date Created 2022-04-06
Contributors Harshvardhan J. Pandit, Georg P. Krog, Julian Flake, Paul Ryan, Beatriz Esteves
See More: section ENTITIES-DATASUBJECT in DPV

17.1.82 Cloud Location

Term CloudLocation Prefix dpv
Label Cloud Location
IRI https://w3id.org/dpv#CloudLocation
Type rdfs:Class, skos:Concept, dpv:Location
Broader/Parent types dpv:RemoteLocationdpv:LocationLocalitydpv:Location
Object of relation dpv:hasJurisdiction, dpv:hasLocation
Definition Location that is in the 'cloud' i.e. a logical location operated over the internet
Date Created 2022-06-15
Date Modified 2020-10-05
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-JURISDICTION in DPV

17.1.83 Code of Conduct

Term CodeOfConduct Prefix dpv
Label Code of Conduct
IRI https://w3id.org/dpv#CodeOfConduct
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:GuidelinesPrincipledpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition A set of rules or procedures outlining the norms and practices for conducting activities
Date Created 2019-04-05
Contributors Axel Polleres, Rob Brennan, Harshvardhan J. Pandit, Mark Lizar
See More: section TOM-ORGANISATIONAL in DPV

17.1.84 Collect

Term Collect Prefix dpv
Label Collect
IRI https://w3id.org/dpv#Collect
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Obtaindpv:Processing
Object of relation dpv:hasProcessing
Definition to gather data from someone
Source GDPR Art.4-2, SPECIAL Project
Related svpr:Collect
Date Created 2019-05-07
See More: section PROCESSING in DPV

17.1.85 Collected Data

Term CollectedData Prefix dpv
Label Collected Data
IRI https://w3id.org/dpv#CollectedData
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Data
Object of relation dpv:hasData
Definition Data that has been obtained by collecting it from a source
Date Created 2023-12-10
See More: section PERSONAL-DATA in DPV

17.1.86 Collected Personal Data

Term CollectedPersonalData Prefix dpv
Label Collected Personal Data
IRI https://w3id.org/dpv#CollectedPersonalData
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:CollectedDatadpv:Data
Broader/Parent types dpv:PersonalDatadpv:Data
Object of relation dpv:hasData, dpv:hasPersonalData
Definition Personal Data that has been collected from another source such as the Data Subject
Usage Note To indicate the source of data, use the DataSource concept with the hasDataSource relation
Examples dex:E0046 :: Indicating data being collected and derived
Date Created 2022-03-30
Date Modified 2023-12-10
Contributors Harshvardhan J. Pandit
See More: section PERSONAL-DATA in DEX

17.1.87 Combat Climate Change

Term CombatClimateChange Prefix dpv
Label Combat Climate Change
IRI https://w3id.org/dpv#CombatClimateChange
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:PublicBenefitdpv:Purpose
Object of relation dpv:hasPurpose
Definition Purposes associated with combating the causes and consequences of climate change, including reducing gas emissions and fighting emergencies such as floods or wildfires
Source
Date Created 2024-02-14
Contributors Beatriz Esteves, Harshvardhan J. Pandit
See More: section PURPOSES in DPV

17.1.88 Combine

Term Combine Prefix dpv
Label Combine
IRI https://w3id.org/dpv#Combine
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Transformdpv:Processing
Object of relation dpv:hasProcessing
Definition to join or merge data
Source GDPR Art.4-2, SPECIAL Project
Related svpr:Aggregate
Date Created 2019-05-07
See More: section PROCESSING in DPV

17.1.89 Commercially Confidential Data

Term CommerciallyConfidentialData Prefix dpv
Label Commercially Confidential Data
IRI https://w3id.org/dpv#CommerciallyConfidentialData
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Data
Object of relation dpv:hasData
Definition Data protected through Commercial Confidentiality Agreements
Source
Date Created 2024-02-14
See More: section PERSONAL-DATA in DPV

17.1.90 Commercial Purpose

Term CommercialPurpose Prefix dpv
Label Commercial Purpose
IRI https://w3id.org/dpv#CommercialPurpose
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:Purpose
Object of relation dpv:hasPurpose
Definition Purposes associated with processing activities performed in a commercial setting or with intention to commercialise
Source
Date Created 2024-02-14
Contributors Beatriz Esteves, Harshvardhan J. Pandit
See More: section PURPOSES in DPV

17.1.91 Commercial Research

Term CommercialResearch Prefix dpv
Label Commercial Research
IRI https://w3id.org/dpv#CommercialResearch
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:CommercialPurposedpv:Purpose
Broader/Parent types dpv:ResearchAndDevelopmentdpv:Purpose
Object of relation dpv:hasPurpose
Definition Purposes associated with conducting research in a commercial setting or with intention to commercialise e.g. in a company or sponsored by a company
Related svpu:Develop
Date Created 2019-04-05
Date Modified 2024-04-14
Contributors Harshvardhan J. Pandit, Javier Fernández, Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Simon Steyskal
See More: section PURPOSES in DPV

17.1.92 Communication for Customer Care

Term CommunicationForCustomerCare Prefix dpv
Label Communication for Customer Care
IRI https://w3id.org/dpv#CommunicationForCustomerCare
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:CommunicationManagementdpv:Purpose
Broader/Parent types dpv:CustomerCaredpv:CustomerManagementdpv:Purpose
Object of relation dpv:hasPurpose
Definition Customer Care Communication refers to purposes associated with communicating with customers for assisting them, resolving issues, ensuring satisfaction, etc. in relation to services provided
Date Created 2020-11-04
Contributors Georg P. Krog, Harshvardhan J. Pandit, Beatriz Esteves
See More: section PURPOSES in DPV

17.1.93 Communication Management

Term CommunicationManagement Prefix dpv
Label Communication Management
IRI https://w3id.org/dpv#CommunicationManagement
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:Purpose
Object of relation dpv:hasPurpose
Definition Communication Management refers to purposes associated with providing or managing communication activities e.g. to send an email for notifying some information
Usage Note This purpose by itself does not sufficiently and clearly indicate what the communication is about. As such, it is recommended to combine it with another purpose to indicate the application. For example, Communication of Payment.
Date Created 2021-09-01
Contributors Georg P. Krog, Paul Ryan, David Hickey, Harshvardhan J. Pandit
See More: section PURPOSES in DPV

17.1.94 Compliance Assessment

Term ComplianceAssessment Prefix dpv
Label Compliance Assessment
IRI https://w3id.org/dpv#ComplianceAssessment
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Assessmentdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasAssessment, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Assessment regarding compliance (e.g. internal policy, regulations)
Date Created 2024-04-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section TOM-ORGANISATIONAL in DPV

17.1.95 Compliance Indeterminate

Term ComplianceIndeterminate Prefix dpv
Label Compliance Indeterminate
IRI https://w3id.org/dpv#ComplianceIndeterminate
Type rdfs:Class, skos:Concept, dpv:ComplianceStatus
Broader/Parent types dpv:ComplianceStatusdpv:Statusdpv:Context
Object of relation dpv:hasComplianceStatus, dpv:hasContext, dpv:hasStatus
Definition State where the status of compliance has not been fully assessed, evaluated, or determined
Date Created 2022-09-07
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.96 Compliance Monitoring

Term ComplianceMonitoring Prefix dpv
Label Compliance Monitoring
IRI https://w3id.org/dpv#ComplianceMonitoring
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:GovernanceProceduresdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Monitoring of compliance (e.g. internal policy, regulations)
Source ENISA 5G Cybersecurity Standards
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.97 Compliance Status

Term ComplianceStatus Prefix dpv
Label Compliance Status
IRI https://w3id.org/dpv#ComplianceStatus
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Statusdpv:Context
Object of relation dpv:hasComplianceStatus, dpv:hasContext, dpv:hasStatus
Definition Status associated with Compliance with some norms, objectives, or requirements
Examples dex:E0055 :: Specifying compliance status and lawfulness
Date Created 2022-05-18
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DEX

17.1.98 Compliance Unknown

Term ComplianceUnknown Prefix dpv
Label Compliance Unknown
IRI https://w3id.org/dpv#ComplianceUnknown
Type rdfs:Class, skos:Concept, dpv:ComplianceStatus
Broader/Parent types dpv:ComplianceStatusdpv:Statusdpv:Context
Object of relation dpv:hasComplianceStatus, dpv:hasContext, dpv:hasStatus
Definition State where the status of compliance is unknown
Date Created 2022-09-07
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.99 Compliance Violation

Term ComplianceViolation Prefix dpv
Label Compliance Violation
IRI https://w3id.org/dpv#ComplianceViolation
Type rdfs:Class, skos:Concept, dpv:ComplianceStatus
Broader/Parent types dpv:ComplianceStatusdpv:Statusdpv:Context
Object of relation dpv:hasComplianceStatus, dpv:hasContext, dpv:hasStatus
Definition State where compliance cannot be achieved due to requirements being violated
Usage Note Changed from "violation of compliance" for consistency with other terms
Date Created 2022-05-18
Date Modified 2022-09-07
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.100 Compliant

Term Compliant Prefix dpv
Label Compliant
IRI https://w3id.org/dpv#Compliant
Type rdfs:Class, skos:Concept, dpv:ComplianceStatus
Broader/Parent types dpv:ComplianceStatusdpv:Statusdpv:Context
Object of relation dpv:hasComplianceStatus, dpv:hasContext, dpv:hasStatus
Definition State of being fully compliant
Date Created 2022-05-18
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.101 Conditional Automation

Term ConditionalAutomation Prefix dpv
Label Conditional Automation
IRI https://w3id.org/dpv#ConditionalAutomation
Type rdfs:Class, skos:Concept, dpv:AutomationLevel
Broader/Parent types dpv:AutomationLeveldpv:ProcessingContextdpv:Context
Object of relation dpv:hasAutomationLevel, dpv:hasContext
Definition Level of automation corresponding to Level 3 in ISO/IEC 22989:2022 where the automation is sufficient to perform most tasks of the system with the human present to take over where necessary
Usage Note Human Involvement is implied here, e.g. for intervention, input, decisions
Source ISO/IEC 22989:2022 Artificial intelligence concepts and terminology
Date Created 2023-12-10
Date Modified 2024-04-20
Contributors Harshvardhan J. Pandit, Delaram Golpayegani
See More: section PROCESSING-CONTEXT in DPV

17.1.102 Confidential Data

Term ConfidentialData Prefix dpv
Label Confidential Data
IRI https://w3id.org/dpv#ConfidentialData
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Data
Object of relation dpv:hasData
Definition Data deemed confidential
Source
Date Created 2024-02-14
See More: section PERSONAL-DATA in DPV

17.1.103 Confidentiality Agreement

Term ConfidentialityAgreement Prefix dpv
Label Confidentiality Agreement
IRI https://w3id.org/dpv#ConfidentialityAgreement
Type rdfs:Class, skos:Concept, dpv:LegalMeasure
Broader/Parent types dpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Agreements that enforce confidentiality for e.g. to protect business, professional, or company secrets
Source
Date Created 2022-02-09
See More: section TOM-LEGAL in DPV

17.1.104 Conformance Assessment

Term ConformanceAssessment Prefix dpv
Label Conformance Assessment
IRI https://w3id.org/dpv#ConformanceAssessment
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Assessmentdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasAssessment, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Assessment regarding conformance with standards or norms or guidelines or similar instruments
Date Created 2024-04-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section TOM-ORGANISATIONAL in DPV

17.1.105 Conformance Status

Term ConformanceStatus Prefix dpv
Label Conformance Status
IRI https://w3id.org/dpv#ConformanceStatus
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Statusdpv:Context
Object of relation dpv:hasConformanceStatus, dpv:hasContext, dpv:hasStatus
Definition Status associated with conformance to a standard, guideline, code, or recommendation
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV

17.1.106 Conformant

Term Conformant Prefix dpv
Label Conformant
IRI https://w3id.org/dpv#Conformant
Type rdfs:Class, skos:Concept, dpv:ConformanceStatus
Broader/Parent types dpv:ConformanceStatusdpv:Statusdpv:Context
Object of relation dpv:hasConformanceStatus, dpv:hasContext, dpv:hasStatus
Definition State of being conformant
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DPV
Term ConsentControl Prefix dpv
Label Consent Control
IRI https://w3id.org/dpv#ConsentControl
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasConsentControl, dpv:hasContext, dpv:hasEntityInvolvement
Definition The control or activity associated with obtaining, providing, withdrawing, or reaffirming consent
Date Created 2024-05-11
See More: section LEGAL-BASIS-CONSENT-CONTROLS in DPV
Term ConsentExpired Prefix dpv
Label Consent Expired
IRI https://w3id.org/dpv#ConsentExpired
Type rdfs:Class, skos:Concept, dpv:ConsentStatus
Broader/Parent types dpv:ConsentStatusInvalidForProcessingdpv:ConsentStatusdpv:Statusdpv:Context
Object of relation dpv:hasConsentStatus, dpv:hasContext, dpv:hasStatus
Definition The state where the temporal or contextual validity of consent has 'expired'
Usage Note An example of this state is when the obtained consent has been assigned a duration - which has lapsed or 'expired', making it invalid to be used further for processing data
Source GConsent
Date Created 2022-06-22
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section LEGAL-BASIS-CONSENT-STATUS in DPV
Term ConsentGiven Prefix dpv
Label Consent Given
IRI https://w3id.org/dpv#ConsentGiven
Type rdfs:Class, skos:Concept, dpv:ConsentStatus
Broader/Parent types dpv:ConsentStatusValidForProcessingdpv:ConsentStatusdpv:Statusdpv:Context
Object of relation dpv:hasConsentStatus, dpv:hasContext, dpv:hasStatus
Definition The state where consent has been given
Usage Note An example of this state is when the individual clicks on a button, ticks a checkbox, verbally agrees - or any other form that communicates their decision agreeing to the processing of data
Source GConsent
Date Created 2022-06-22
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section LEGAL-BASIS-CONSENT-STATUS in DPV
Term ConsentInvalidated Prefix dpv
Label Consent Invalidated
IRI https://w3id.org/dpv#ConsentInvalidated
Type rdfs:Class, skos:Concept, dpv:ConsentStatus
Broader/Parent types dpv:ConsentStatusInvalidForProcessingdpv:ConsentStatusdpv:Statusdpv:Context
Object of relation dpv:hasConsentStatus, dpv:hasContext, dpv:hasStatus
Definition The state where consent has been deemed to be invalid
Usage Note An example of this state is where an investigating authority or a court finds the collected consent did not meet requirements, and 'invalidates' both prior and future uses of it to carry out processing
Source GConsent
Date Created 2022-06-22
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section LEGAL-BASIS-CONSENT-STATUS in DPV
Term ConsentManagement Prefix dpv
Label Consent Management
IRI https://w3id.org/dpv#ConsentManagement
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:PermissionManagementdpv:RightsManagementdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Methods to obtain, provide, modify, and withdraw consent along with maintaining a record of consent, retrieving records, and processing changes in consent states
Source
Date Created 2024-04-14
Contributors Beatriz Esteves, Harshvardhan J. Pandit, Georg P. Krog
See More: section TOM-ORGANISATIONAL in DPV
Term ConsentNotice Prefix dpv
Label Consent Notice
IRI https://w3id.org/dpv#ConsentNotice
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:PrivacyNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition A Notice for information provision associated with Consent
Date Created 2022-06-21
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section TOM-ORGANISATIONAL in DPV
Term ConsentReceipt Prefix dpv
Label Consent Receipt
IRI https://w3id.org/dpv#ConsentReceipt
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:ConsentRecorddpv:DataProcessingRecorddpv:RecordsOfActivitiesdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasRecordOfActivity, dpv:hasTechnicalOrganisationalMeasure
Definition A record of consent or consent related activities that is provided to another entity
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV
Term ConsentRecord Prefix dpv
Label Consent Record
IRI https://w3id.org/dpv#ConsentRecord
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:DataProcessingRecorddpv:RecordsOfActivitiesdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasRecordOfActivity, dpv:hasTechnicalOrganisationalMeasure
Definition A Record of Consent or Consent related activities
Examples dex:E0016 :: Indicating details about an individual's consent
dex:E0023 :: Consent record example
Date Created 2022-06-22
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section TOM-ORGANISATIONAL in DEX
Term ConsentRefused Prefix dpv
Label Consent Refused
IRI https://w3id.org/dpv#ConsentRefused
Type rdfs:Class, skos:Concept, dpv:ConsentStatus
Broader/Parent types dpv:ConsentStatusInvalidForProcessingdpv:ConsentStatusdpv:Statusdpv:Context
Object of relation dpv:hasConsentStatus, dpv:hasContext, dpv:hasStatus
Definition The state where consent has been refused
Usage Note An example of this state is when the individual clicks on a 'disagree' or 'reject' or 'refuse' button, or leaves a checkbox unticked
Source GConsent
Date Created 2022-06-22
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section LEGAL-BASIS-CONSENT-STATUS in DPV
Term ConsentRequestDeferred Prefix dpv
Label Consent Request Deferred
IRI https://w3id.org/dpv#ConsentRequestDeferred
Type rdfs:Class, skos:Concept, dpv:ConsentStatus
Broader/Parent types dpv:ConsentStatusInvalidForProcessingdpv:ConsentStatusdpv:Statusdpv:Context
Object of relation dpv:hasConsentStatus, dpv:hasContext, dpv:hasStatus
Definition State where a request for consent has been deferred without a decision
Usage Note An example of this state is when the individual closes or dismisses a notice without making a decision. This state is intended for making the distinction between a notice being provided (as a consent request) and the individual interacting with the notice without making a decision - where the 'ignoring of a notice' is taken as consent being neither given nor refused
Source GConsent
Date Created 2022-06-22
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section LEGAL-BASIS-CONSENT-STATUS in DPV
Term ConsentRequested Prefix dpv
Label Consent Requested
IRI https://w3id.org/dpv#ConsentRequested
Type rdfs:Class, skos:Concept, dpv:ConsentStatus
Broader/Parent types dpv:ConsentStatusInvalidForProcessingdpv:ConsentStatusdpv:Statusdpv:Context
Object of relation dpv:hasConsentStatus, dpv:hasContext, dpv:hasStatus
Definition State where a request for consent has been made and is awaiting a decision
Usage Note An example of this state is when a notice has been presented to the individual but they have not made a decision
Source GConsent
Date Created 2022-06-22
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section LEGAL-BASIS-CONSENT-STATUS in DPV
Term ConsentRevoked Prefix dpv
Label Consent Revoked
IRI https://w3id.org/dpv#ConsentRevoked
Type rdfs:Class, skos:Concept, dpv:ConsentStatus
Broader/Parent types dpv:ConsentStatusInvalidForProcessingdpv:ConsentStatusdpv:Statusdpv:Context
Object of relation dpv:hasConsentStatus, dpv:hasContext, dpv:hasStatus
Definition The state where the consent is revoked by an entity other than the data subject and which prevents it from being further used as a valid state
Usage Note An example of this state is when a Data Controller stops utilising previously obtaining consent, such as when that service no longer exists
Source GConsent
Date Created 2022-06-22
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section LEGAL-BASIS-CONSENT-STATUS in DPV
Term ConsentStatus Prefix dpv
Label Consent Status
IRI https://w3id.org/dpv#ConsentStatus
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Statusdpv:Context
Object of relation dpv:hasConsentStatus, dpv:hasContext, dpv:hasStatus
Definition The state or status of 'consent' that provides information reflecting its operational status and validity for processing data
Usage Note States are useful as information artefacts to implement them in controlling processing, and to reflect the process and flow of obtaining and maintaining consent. For example, a database table that stores consent states for specific processing and can be queried to obtain them in an efficient manner. States are also useful in investigations to determine the use and validity of consenting practices
Source GConsent
Date Created 2022-06-22
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section LEGAL-BASIS-CONSENT-STATUS in DPV
Term ConsentStatusInvalidForProcessing Prefix dpv
Label Consent Status Invalid for Processing
IRI https://w3id.org/dpv#ConsentStatusInvalidForProcessing
Type rdfs:Class, skos:Concept, dpv:ConsentStatus
Broader/Parent types dpv:ConsentStatusdpv:Statusdpv:Context
Object of relation dpv:hasConsentStatus, dpv:hasContext, dpv:hasStatus
Definition States of consent that cannot be used as valid justifications for processing data
Usage Note This identifies the stages associated with consent that should not be used to process data
Source GConsent
Date Created 2022-06-22
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section LEGAL-BASIS-CONSENT-STATUS in DPV
Term ConsentStatusValidForProcessing Prefix dpv
Label Consent Status Valid for Processing
IRI https://w3id.org/dpv#ConsentStatusValidForProcessing
Type rdfs:Class, skos:Concept, dpv:ConsentStatus
Broader/Parent types dpv:ConsentStatusdpv:Statusdpv:Context
Object of relation dpv:hasConsentStatus, dpv:hasContext, dpv:hasStatus
Definition States of consent that can be used as valid justifications for processing data
Usage Note Practically, given consent is the only valid state for processing
Source GConsent
Date Created 2022-06-22
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section LEGAL-BASIS-CONSENT-STATUS in DPV
Term ConsentUnknown Prefix dpv
Label Consent Unknown
IRI https://w3id.org/dpv#ConsentUnknown
Type rdfs:Class, skos:Concept, dpv:ConsentStatus
Broader/Parent types dpv:ConsentStatusInvalidForProcessingdpv:ConsentStatusdpv:Statusdpv:Context
Object of relation dpv:hasConsentStatus, dpv:hasContext, dpv:hasStatus
Definition State where information about consent is not available or is unknown
Usage Note Consent states can be unknown, for example, when information is not available, or cannot be trusted, or is known to be inaccurate
Source GConsent
Date Created 2022-06-22
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section LEGAL-BASIS-CONSENT-STATUS in DPV
Term ConsentWithdrawn Prefix dpv
Label Consent Withdrawn
IRI https://w3id.org/dpv#ConsentWithdrawn
Type rdfs:Class, skos:Concept, dpv:ConsentStatus
Broader/Parent types dpv:ConsentStatusInvalidForProcessingdpv:ConsentStatusdpv:Statusdpv:Context
Object of relation dpv:hasConsentStatus, dpv:hasContext, dpv:hasStatus
Definition The state where the consent is withdrawn or revoked specifically by the data subject and which prevents it from being further used as a valid state
Usage Note This state can be considered a form of 'revocation' of consent, where the revocation can only be performed by the data subject. Therefore we suggest using ConsentRevoked when it is a non-data-subject entity, and ConsentWithdrawn when it is the data subject
Source GConsent
Date Created 2022-06-22
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan, Julian Flake
See More: section LEGAL-BASIS-CONSENT-STATUS in DPV

17.1.125 Consequence

Term Consequence Prefix dpv
Label Consequence
IRI https://w3id.org/dpv#Consequence
Type rdfs:Class, skos:Concept
Subject of relation dpv:hasConsequenceOn
Object of relation dpv:hasConsequence
Definition The consequence(s) possible or arising from specified context
Examples dex:E0027 :: Indicating risks, consequences, and impacts
dex:E0068 :: Using DPV and RISK extension to represent risks
dex:E0071 :: Using risk controls to express how tech/org measures address the risk
Date Created 2022-01-26
Contributors Harshvardhan J. Pandit
See More: section RISK in DEX

17.1.126 Consequence as Side-Effect

Term ConsequenceAsSideEffect Prefix dpv
Label Consequence as Side-Effect
IRI https://w3id.org/dpv#ConsequenceAsSideEffect
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Consequence
Object of relation dpv:hasConsequence
Definition The consequence(s) possible or arising as a side-effect of specified context
Date Created 2022-03-30
Contributors Harshvardhan J. Pandit
See More: section RISK in DPV

17.1.127 Consequence of Failure

Term ConsequenceOfFailure Prefix dpv
Label Consequence of Failure
IRI https://w3id.org/dpv#ConsequenceOfFailure
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Consequence
Object of relation dpv:hasConsequence
Definition The consequence(s) possible or arising from failure of specified context
Date Created 2022-03-23
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section RISK in DPV

17.1.128 Consequence of Success

Term ConsequenceOfSuccess Prefix dpv
Label Consequence of Success
IRI https://w3id.org/dpv#ConsequenceOfSuccess
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Consequence
Object of relation dpv:hasConsequence
Definition The consequence(s) possible or arising from success of specified context
Date Created 2022-03-23
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section RISK in DPV

17.1.129 Consult

Term Consult Prefix dpv
Label Consult
IRI https://w3id.org/dpv#Consult
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Usedpv:Processing
Object of relation dpv:hasProcessing
Definition to consult or query data
Source GDPR Art.4-2, SPECIAL Project
Related svpr:Query
Date Created 2019-05-07
See More: section PROCESSING in DPV

17.1.130 Consultation

Term Consultation Prefix dpv
Label Consultation
IRI https://w3id.org/dpv#Consultation
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Consultation is a process of receiving feedback, advice, or opinion from an external agency
Date Created 2020-11-04
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More: section TOM-ORGANISATIONAL in DPV

17.1.131 Consultation with Authority

Term ConsultationWithAuthority Prefix dpv
Label Consultation with Authority
IRI https://w3id.org/dpv#ConsultationWithAuthority
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Consultationdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Consultation with an authority or authoritative entity
Date Created 2020-11-04
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More: section TOM-ORGANISATIONAL in DPV

17.1.132 Consultation with Data Subject

Term ConsultationWithDataSubject Prefix dpv
Label Consultation with Data Subject
IRI https://w3id.org/dpv#ConsultationWithDataSubject
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Consultationdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Consultation with data subject(s) or their representative(s)
Date Created 2022-06-15
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section TOM-ORGANISATIONAL in DPV

17.1.133 Consultation with Data Subject Representative

Term ConsultationWithDataSubjectRepresentative Prefix dpv
Label Consultation with Data Subject Representative
IRI https://w3id.org/dpv#ConsultationWithDataSubjectRepresentative
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:ConsultationWithDataSubjectdpv:Consultationdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Consultation with representative of data subject(s)
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section TOM-ORGANISATIONAL in DPV

17.1.134 Consultation with DPO

Term ConsultationWithDPO Prefix dpv
Label Consultation with DPO
IRI https://w3id.org/dpv#ConsultationWithDPO
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Consultationdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Consultation with Data Protection Officer(s)
Date Created 2022-06-15
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section TOM-ORGANISATIONAL in DPV

17.1.135 Consumer

Term Consumer Prefix dpv
Label Consumer
IRI https://w3id.org/dpv#Consumer
Type rdfs:Class, skos:Concept, dpv:DataSubject
Broader/Parent types dpv:DataSubjectdpv:LegalEntitydpv:Entity
Object of relation dpv:hasDataSubject, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor
Definition Data subjects that consume goods or services for direct use
Date Created 2022-04-06
Contributors Harshvardhan J. Pandit, Georg P. Krog, Julian Flake, Paul Ryan, Beatriz Esteves
See More: section ENTITIES-DATASUBJECT in DPV

17.1.136 Context

Term Context Prefix dpv
Label Context
IRI https://w3id.org/dpv#Context
Type rdfs:Class, skos:Concept
Subject of relation dpv:hasObligation, dpv:hasPermission, dpv:hasProhibition, dpv:hasRule
Object of relation dpv:hasContext
Definition Contextually relevant information
Usage Note Context is a catch-all concept for information of relevance not possible to represent through other core concepts. DPV offers specific contextual concepts such as Necessity, Frequency, and Duration. More can be created by extending Context within use-cases.
Date Created 2019-04-05
Date Modified 2022-06-15
Contributors Harshvardhan J. Pandit, Javier Fernández, Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Simon Steyskal
See More: section CONTEXT in DPV

17.1.137 Contextually Anonymised Data

Term ContextuallyAnonymisedData Prefix dpv
Label Contextually Anonymised Data
IRI https://w3id.org/dpv#ContextuallyAnonymisedData
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:PseudonymisedDatadpv:PersonalDatadpv:Data
Object of relation dpv:hasData, dpv:hasPersonalData
Definition Data that can be considered as being fully anonymised within the context but in actuality is not fully anonymised and is still personal data as it can be de-anonymised outside that context
Usage Note To distinguish between partially anonymised data that can be effectively treated as anonymised data (e.g. in processing) within a context (e.g. an organisation), the concept ContextuallyAnonymisedData should be used instead of AnonymisedData. Transfer of this data outside of the context should consider that it is not fully anonymised and that it is still personal data
Date Created 2024-06-11
Contributors Harshvardhan J. Pandit
See More: section PERSONAL-DATA in DPV

17.1.138 Continuous Frequency

Term ContinuousFrequency Prefix dpv
Label Continuous Frequency
IRI https://w3id.org/dpv#ContinuousFrequency
Type rdfs:Class, skos:Concept, dpv:Frequency
Broader/Parent types dpv:Frequencydpv:Context
Object of relation dpv:hasContext, dpv:hasFrequency
Definition Frequency where occurrences are continuous
Date Created 2022-06-15
Date Modified 2020-10-05
Contributors Harshvardhan J. Pandit
See More: section CONTEXT in DPV

17.1.139 Contract

Term Contract Prefix dpv
Label Contract
IRI https://w3id.org/dpv#Contract
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Creation, completion, fulfilment, or performance of a contract involving specified processing of data or technologies
Date Created 2021-04-07
Contributors Harshvardhan J. Pandit
See More: section LEGAL-BASIS in DPV

17.1.140 Contract Performance

Term ContractPerformance Prefix dpv
Label Contract Performance
IRI https://w3id.org/dpv#ContractPerformance
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Fulfilment or performance of a contract involving specified processing of data or technologies
Date Created 2021-04-07
Contributors Georg P. Krog, Harshvardhan J. Pandit, Paul Ryan
See More: section LEGAL-BASIS in DPV

17.1.141 Contractual Terms

Term ContractualTerms Prefix dpv
Label Contractual Terms
IRI https://w3id.org/dpv#ContractualTerms
Type rdfs:Class, skos:Concept, dpv:LegalMeasure
Broader/Parent types dpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Contractual terms governing data handling within or with an entity
Date Created 2019-04-05
Contributors Axel Polleres, Rob Brennan, Harshvardhan J. Pandit, Mark Lizar
See More: section TOM-LEGAL in DPV

17.1.142 Controller Informed

Term ControllerInformed Prefix dpv
Label Controller Informed
IRI https://w3id.org/dpv#ControllerInformed
Type rdfs:Class, skos:Concept, dpv:EntityInformedStatus
Broader/Parent types dpv:EntityInformeddpv:EntityInformedStatusdpv:Statusdpv:Context
Object of relation dpv:hasContext, dpv:hasInformedStatus, dpv:hasStatus
Definition Status indicating Controller has been informed about the specified context
Date Created 2024-05-10
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Georg P. Krog, Paul Ryan
See More: section CONTEXT-STATUS in DPV

17.1.143 Controller-Processor Agreement

Term ControllerProcessorAgreement Prefix dpv
Label Controller-Processor Agreement
IRI https://w3id.org/dpv#ControllerProcessorAgreement
Type rdfs:Class, skos:Concept, dpv:LegalMeasure
Broader/Parent types dpv:DataProcessingAgreementdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition An agreement outlining conditions, criteria, obligations, responsibilities, and specifics for carrying out processing of data between a Data Controller and a Data Processor
Examples dex:E0024 :: Controller-Processor agreement denoting processing to be carried out
Date Created 2022-01-26
Contributors Georg P. Krog, Harshvardhan J. Pandit, Beatriz Esteves, Paul Ryan, Julian Flake
See More: section TOM-LEGAL in DEX

17.1.144 Controller Uninformed

Term ControllerUninformed Prefix dpv
Label Controller Uninformed
IRI https://w3id.org/dpv#ControllerUninformed
Type rdfs:Class, skos:Concept, dpv:EntityInformedStatus
Broader/Parent types dpv:EntityUninformeddpv:EntityInformedStatusdpv:Statusdpv:Context
Object of relation dpv:hasContext, dpv:hasInformedStatus, dpv:hasStatus
Definition Status indicating Controller is uninformed i.e. has not been informed about the specified context
Date Created 2024-05-10
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Georg P. Krog, Paul Ryan
See More: section CONTEXT-STATUS in DPV

17.1.145 Copy

Term Copy Prefix dpv
Label Copy
IRI https://w3id.org/dpv#Copy
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Processing
Object of relation dpv:hasProcessing
Definition to produce an exact reproduction of the data
Source SPECIAL Project
Related svpr:Copy
Date Created 2019-05-07
See More: section PROCESSING in DPV

17.1.146 Correcting Process

Term CorrectingProcess Prefix dpv
Label Correcting Process
IRI https://w3id.org/dpv#CorrectingProcess
Type rdfs:Class, skos:Concept, dpv:EntityPermissiveInvolvement
Broader/Parent types dpv:EntityPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity can correct the process of specified context
Usage Note Correction of process refers to the ability to change how the process takes place
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.147 Correcting Process Input

Term CorrectingProcessInput Prefix dpv
Label Correcting Process Input
IRI https://w3id.org/dpv#CorrectingProcessInput
Type rdfs:Class, skos:Concept, dpv:EntityPermissiveInvolvement
Broader/Parent types dpv:EntityPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity can correct input of specified context
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.148 Correcting Process Output

Term CorrectingProcessOutput Prefix dpv
Label Correcting Process Output
IRI https://w3id.org/dpv#CorrectingProcessOutput
Type rdfs:Class, skos:Concept, dpv:EntityPermissiveInvolvement
Broader/Parent types dpv:EntityPermissiveInvolvementdpv:EntityInvolvementdpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasEntityInvolvement
Definition Involvement where entity can correct the output of specified context
Usage Note Correction of outputs allows modification of the output - implying continuation of the process. This is distinct from reversing of outputs which revert the output back to its previous value and possibly imply not continuing with the process
Date Created 2024-05-11
Contributors Harshvardhan J. Pandit, Delaram Golpayegani, Steve Hickman
See More: section PROCESSING-CONTEXT in DPV

17.1.149 Counter Money Laundering

Term CounterMoneyLaundering Prefix dpv
Label Counter Money Laundering
IRI https://w3id.org/dpv#CounterMoneyLaundering
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:FraudPreventionAndDetectiondpv:MisusePreventionAndDetectiondpv:EnforceSecuritydpv:Purpose
Object of relation dpv:hasPurpose
Definition Purposes associated with detection, prevention, and mitigation of mitigate money laundering
Date Created 2022-04-20
Contributors Harshvardhan J. Pandit
See More: section PURPOSES in DPV

17.1.150 Counterterrorism

Term Counterterrorism Prefix dpv
Label Counterterrorism
IRI https://w3id.org/dpv#Counterterrorism
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:PublicBenefitdpv:Purpose
Object of relation dpv:hasPurpose
Definition Purposes associated with activities that detect, prevent, mitigate, or otherwise perform activities to combat or eliminate terrorism (also referred to as anti-terrorism)
Date Created 2022-04-20
Date Modified 2024-04-14
Contributors Harshvardhan J. Pandit
See More: section PURPOSES in DPV

17.1.151 Country

Term Country Prefix dpv
Label Country
IRI https://w3id.org/dpv#Country
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Location
Object of relation dpv:hasCountry, dpv:hasJurisdiction, dpv:hasLocation
Definition A political entity indicative of a sovereign or non-sovereign territorial state comprising of distinct geographical areas
Usage Note The definition of country is not intended for political interpretation. DPVCG welcomes alternate definitions based in existing sources with global scope, such as UN or ISO.
Date Created 2022-01-19
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section CONTEXT-JURISDICTION in DPV

17.1.152 Credential Management

Term CredentialManagement Prefix dpv
Label Credential Management
IRI https://w3id.org/dpv#CredentialManagement
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:AuthorisationProceduredpv:SecurityProceduredpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Management of credentials and their use in authorisations
Date Created 2022-06-15
Contributors Georg P. Krog
See More: section TOM-ORGANISATIONAL in DPV

17.1.153 Credit Checking

Term CreditChecking Prefix dpv
Label Credit Checking
IRI https://w3id.org/dpv#CreditChecking
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:CustomerSolvencyMonitoringdpv:CustomerManagementdpv:Purpose
Object of relation dpv:hasPurpose
Definition Purposes associated with monitoring, performing, or assessing credit worthiness or solvency
Date Created 2022-04-20
Contributors Harshvardhan J. Pandit
See More: section PURPOSES in DPV

17.1.154 Cross-Border Transfer

Term CrossBorderTransfer Prefix dpv
Label Cross-Border Transfer
IRI https://w3id.org/dpv#CrossBorderTransfer
Type rdfs:Class, skos:Concept, dpv:Processing
Broader/Parent types dpv:Transferdpv:Processing
Object of relation dpv:hasProcessing
Definition to move data from one jurisdiction (border) to another
Date Created 2024-04-14
Contributors Harshvardhan J. Pandit
See More: section PROCESSING in DPV

17.1.155 Cryptographic Authentication

Term CryptographicAuthentication Prefix dpv
Label Cryptographic Authentication
IRI https://w3id.org/dpv#CryptographicAuthentication
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:AuthenticationProtocolsdpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types dpv:CryptographicMethodsdpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Use of cryptography for authentication
Source ENISA Reference Incident Classification Taxonomy 2018
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-TECHNICAL in DPV

17.1.156 Cryptographic Key Management

Term CryptographicKeyManagement Prefix dpv
Label Cryptographic Key Management
IRI https://w3id.org/dpv#CryptographicKeyManagement
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:CryptographicMethodsdpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Management of cryptographic keys, including their generation, storage, assessment, and safekeeping
Source ENISA Reference Incident Classification Taxonomy 2018
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-TECHNICAL in DPV

17.1.157 Cryptographic Methods

Term CryptographicMethods Prefix dpv
Label Cryptographic Methods
IRI https://w3id.org/dpv#CryptographicMethods
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Use of cryptographic methods to perform tasks
Source ENISA Reference Incident Classification Taxonomy 2018
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-TECHNICAL in DPV

17.1.158 Customer

Term Customer Prefix dpv
Label Customer
IRI https://w3id.org/dpv#Customer
Type rdfs:Class, skos:Concept, dpv:DataSubject
Broader/Parent types dpv:DataSubjectdpv:LegalEntitydpv:Entity
Object of relation dpv:hasDataSubject, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor
Definition Data subjects that purchase goods or services
Usage Note note: for B2B relations where customers are organisations, this concept only applies for data subjects
Date Created 2022-04-06
Contributors Harshvardhan J. Pandit, Georg P. Krog, Julian Flake, Paul Ryan, Beatriz Esteves
See More: section ENTITIES-DATASUBJECT in DPV

17.1.159 Customer Care

Term CustomerCare Prefix dpv
Label Customer Care
IRI https://w3id.org/dpv#CustomerCare
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:CustomerManagementdpv:Purpose
Object of relation dpv:hasPurpose
Definition Customer Care refers to purposes associated with purposes for providing assistance, resolving issues, ensuring satisfaction, etc. in relation to services provided
Related svpu:Feedback
Date Created 2019-04-05
Contributors Harshvardhan J. Pandit, Javier Fernández, Axel Polleres, Elmar Kiesling, Fajar Ekaputra, Simon Steyskal
See More: section PURPOSES in DPV

17.1.160 Customer Claims Management

Term CustomerClaimsManagement Prefix dpv
Label Customer Claims Management
IRI https://w3id.org/dpv#CustomerClaimsManagement
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:CustomerManagementdpv:Purpose
Object of relation dpv:hasPurpose
Definition Customer Claims Management refers to purposes associated with managing claims, including repayment of monies owed
Source Belgian DPA ROPA Template
Date Created 2021-09-08
Contributors Georg P. Krog, Harshvardhan J. Pandit, Beatriz Esteves
See More: section PURPOSES in DPV

17.1.161 Customer Management

Term CustomerManagement Prefix dpv
Label Customer Management
IRI https://w3id.org/dpv#CustomerManagement
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:Purpose
Object of relation dpv:hasPurpose
Definition Customer Management refers to purposes associated with managing activities related with past, current, and future customers
Date Created 2021-09-08
Contributors Georg P. Krog, Harshvardhan J. Pandit, Beatriz Esteves
See More: section PURPOSES in DPV

17.1.162 Customer Order Management

Term CustomerOrderManagement Prefix dpv
Label Customer Order Management
IRI https://w3id.org/dpv#CustomerOrderManagement
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:CustomerManagementdpv:Purpose
Object of relation dpv:hasPurpose
Definition Customer Order Management refers to purposes associated with managing customer orders i.e. processing of an order related to customer's purchase of good or services
Source Belgian DPA ROPA Template
Date Created 2021-09-08
Contributors Georg P. Krog, Harshvardhan J. Pandit, Beatriz Esteves
See More: section PURPOSES in DPV

17.1.163 Customer Relationship Management

Term CustomerRelationshipManagement Prefix dpv
Label Customer Relationship Management
IRI https://w3id.org/dpv#CustomerRelationshipManagement
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:CustomerManagementdpv:Purpose
Object of relation dpv:hasPurpose
Definition Customer Relationship Management refers to purposes associated with managing and analysing interactions with past, current, and potential customers
Date Created 2021-09-08
Contributors Georg P. Krog, Harshvardhan J. Pandit, Beatriz Esteves
See More: section PURPOSES in DPV

17.1.164 Customer Solvency Monitoring

Term CustomerSolvencyMonitoring Prefix dpv
Label Customer Solvency Monitoring
IRI https://w3id.org/dpv#CustomerSolvencyMonitoring
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:CustomerManagementdpv:Purpose
Object of relation dpv:hasPurpose
Definition Customer Solvency Monitoring refers to purposes associated with monitor solvency of customers for financial diligence
Source Belgian DPA ROPA Template
Date Created 2021-09-08
Contributors Georg P. Krog, Harshvardhan J. Pandit, Beatriz Esteves
See More: section PURPOSES in DPV

17.1.165 Cybersecurity Assessment

Term CybersecurityAssessment Prefix dpv
Label Cybersecurity Assessment
IRI https://w3id.org/dpv#CybersecurityAssessment
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:SecurityAssessmentdpv:RiskAssessmentdpv:Assessmentdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasAssessment, dpv:hasOrganisationalMeasure, dpv:hasRiskAssessment, dpv:hasTechnicalOrganisationalMeasure
Definition Assessment of cybersecurity capabilities in terms of vulnerabilities and effectiveness of controls
Source ENISA 5G Cybersecurity Standards
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section RISK in DPV

17.1.166 Cybersecurity Training

Term CybersecurityTraining Prefix dpv
Label Cybersecurity Training
IRI https://w3id.org/dpv#CybersecurityTraining
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:StaffTrainingdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Training methods related to cybersecurity
Source ENISA Reference Incident Classification Taxonomy 2018
Date Created 2022-08-17
Contributors Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.167 Data

Term Data Prefix dpv
Label Data
IRI https://w3id.org/dpv#Data
Type rdfs:Class, skos:Concept
Object of relation dpv:hasData
Definition A broad concept representing 'data' or 'information'
Date Created 2022-01-19
Contributors Harshvardhan J. Pandit
See More: section PERSONAL-DATA in DPV

17.1.168 Data Altruism

Term DataAltruism Prefix dpv
Label Data Altruism
IRI https://w3id.org/dpv#DataAltruism
Type rdfs:Class, skos:Concept, dpv:Purpose
Broader/Parent types dpv:PublicBenefitdpv:Purpose
Object of relation dpv:hasPurpose
Definition Purposes associated with the voluntary sharing of data for the general interest of the public, such as healthcare or combating climate change
Usage Note Data Altruism as a purpose should be combined with other purposes to indicate their altruistic interpretation or application. E.g. improving healthcare and data altruism in combination.
Source
Date Created 2024-02-14
Contributors Beatriz Esteves, Harshvardhan J. Pandit
See More: section PURPOSES in DPV

17.1.169 Data Backup Protocols

Term DataBackupProtocols Prefix dpv
Label Data Backup Protocols
IRI https://w3id.org/dpv#DataBackupProtocols
Type rdfs:Class, skos:Concept, dpv:TechnicalMeasure
Broader/Parent types dpv:TechnicalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasTechnicalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Protocols or plans for backing up of data
Date Created 2022-06-15
Contributors Georg P. Krog
See More: section TOM-TECHNICAL in DPV

17.1.170 Data Breach Impact Assessment (DBIA)

Term DataBreachImpactAssessment Prefix dpv
Label Data Breach Impact Assessment (DBIA)
IRI https://w3id.org/dpv#DataBreachImpactAssessment
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:RightsImpactAssessmentdpv:ImpactAssessmentdpv:RiskAssessmentdpv:Assessmentdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasAssessment, dpv:hasImpactAssessment, dpv:hasOrganisationalMeasure, dpv:hasRiskAssessment, dpv:hasTechnicalOrganisationalMeasure
Definition Impact Assessment concerning the consequences and impacts of a data breach
Usage Note Data Breach assessments can require additional non-security related assessments such as GDPR Art.34 Rights Impact Assessment
Date Created 2024-04-15
Contributors Harshvardhan J. Pandit
See More: section RISK in DPV

17.1.171 Data Breach Notice

Term DataBreachNotice Prefix dpv
Label Data Breach Notice
IRI https://w3id.org/dpv#DataBreachNotice
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:SecurityIncidentNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition A notice providing information about data breach(es) i.e. unauthorised transfer, access, use, or modification of data
Source
Date Created 2024-04-14
Contributors Georg P. Krog, Paul Ryan, David Hickey, Beatriz Esteves, Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.172 Data Breach Notification

Term DataBreachNotification Prefix dpv
Label Data Breach Notification
IRI https://w3id.org/dpv#DataBreachNotification
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:SecurityIncidentNotificationdpv:Notificationdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Notification of information about data breach(es) i.e. unauthorised transfer, access, use, or modification of data
Source
Date Created 2024-04-14
Contributors Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.173 Data Breach Record

Term DataBreachRecord Prefix dpv
Label Data Breach Record
IRI https://w3id.org/dpv#DataBreachRecord
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:RecordsOfActivitiesdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasRecordOfActivity, dpv:hasTechnicalOrganisationalMeasure
Definition Record of a data breach incident
Date Created 2024-04-14
Contributors Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.174 Data Controller

Term DataController Prefix dpv
Label Data Controller
IRI https://w3id.org/dpv#DataController
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:LegalEntitydpv:Entity
Object of relation dpv:hasDataController, dpv:hasEntity, dpv:hasRecipientDataController, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor
Definition The individual or organisation that decides (or controls) the purpose(s) of processing personal data.
Usage Note The terms 'Controller', 'Data Controller', and 'PII Controller' refer to the same concept
Examples dex:E0032 :: Indicating Controller identity and details of representative
dex:E0033 :: Indicating Processor as the implementing entity in a process
Source GDPR Art.4-7g
Date Created 2019-04-05
Date Modified 2020-11-04
Contributors Axel Polleres, Javier Fernández
See More: section ENTITIES-LEGALROLE in DEX

17.1.175 Data Controller Contract

Term DataControllerContract Prefix dpv
Label Data Controller Contract
IRI https://w3id.org/dpv#DataControllerContract
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Creation, completion, fulfilment, or performance of a contract, with Data Controllers as parties being Joint Data Controllers, and involving specified processing of data or technologies
Date Created 2023-12-10
See More: section LEGAL-BASIS in DPV

17.1.176 Data Controller as Data Source

Term DataControllerDataSource Prefix dpv
Label Data Controller as Data Source
IRI https://w3id.org/dpv#DataControllerDataSource
Type rdfs:Class, skos:Concept, dpv:DataSource
Broader/Parent types dpv:DataSourcedpv:ProcessingContextdpv:Context
Object of relation dpv:hasContext, dpv:hasDataSource
Definition Data Sourced from Data Controller(s), e.g. a Controller inferring data or generating data
Date Created 2023-10-12
See More: section PROCESSING-CONTEXT in DPV

17.1.177 Data Deletion Policy

Term DataDeletionPolicy Prefix dpv
Label Data Deletion Policy
IRI https://w3id.org/dpv#DataDeletionPolicy
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:DataProcessingPolicydpv:Policydpv:GovernanceProceduresdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasPolicy, dpv:hasTechnicalOrganisationalMeasure
Definition Policy regarding deletion of data
Usage Note Deletion and Erasure are distinct activities where deletion refers to logical removal of data with the possibility of retrieval whereas erasure refers to destruction of data such that it cannot be retrieved. See dpv:DataErasurePolicy
Date Created 2024-04-14
Contributors Georg P. Krog, Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.178 Data Erasure Policy

Term DataErasurePolicy Prefix dpv
Label Data Erasure Policy
IRI https://w3id.org/dpv#DataErasurePolicy
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:DataProcessingPolicydpv:Policydpv:GovernanceProceduresdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasPolicy, dpv:hasTechnicalOrganisationalMeasure
Definition Policy regarding erasure of data
Usage Note Erasure or data destruction or secure removal of data refers to irreversible erasure of data. See dpv:DataDeletion for reversible or logical deletion of data
Date Created 2024-04-14
Contributors Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.179 Data Exporter

Term DataExporter Prefix dpv
Label Data Exporter
IRI https://w3id.org/dpv#DataExporter
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:LegalEntitydpv:Entity
Object of relation dpv:hasDataExporter, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor
Definition An entity that 'exports' data where exporting is considered a form of data transfer
Usage Note The term 'Data Exporter' is used by the EU-EDPB as the entity that transfer data across borders. While the EDPB refers to the jurisdictional border of EU, the term within DPV can be used to denote any 'export' or transfer or transmission of data and is thus a broader concept than the EDPB's definition.
Examples dex:E0035 :: Specifying data exporters and importers
Source EDPB Recommendations 01/2020 on Data Transfers
Date Created 2021-09-08
Contributors David Hickey, Georg P. Krog, Paul Ryan, Harshvardhan J. Pandit
See More: section ENTITIES-LEGALROLE in DEX

17.1.180 Data Governance

Term DataGovernance Prefix dpv
Label Data Governance
IRI https://w3id.org/dpv#DataGovernance
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:OrganisationGovernancedpv:Purpose
Object of relation dpv:hasPurpose
Definition Measures associated with topics typically considered to be part of 'Data Governance'
Date Created 2024-04-14
Contributors Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.181 Data Importer

Term DataImporter Prefix dpv
Label Data Importer
IRI https://w3id.org/dpv#DataImporter
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Recipientdpv:LegalEntitydpv:Entity
Object of relation dpv:hasDataImporter, dpv:hasEntity, dpv:hasRecipient, dpv:hasResponsibleEntity, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor
Definition An entity that 'imports' data where importing is considered a form of data transfer
Usage Note The term 'Data Importer' is used by the EU-EDPB as the entity that receives transferred data across borders. While the EDPB refers to the jurisdictional border of EU, the term within DPV can be used to denote any 'import' or reception of transfer or transmission of data and is thus a broader concept than the EDPB's definition.
Examples dex:E0035 :: Specifying data exporters and importers
Source EDPB Recommendations 01/2020 on Data Transfers
Date Created 2021-09-08
Contributors David Hickey, Georg P. Krog, Paul Ryan, Harshvardhan J. Pandit
See More: section ENTITIES-LEGALROLE in DEX

17.1.182 Data Interoperability Assessment

Term DataInteroperabilityAssessment Prefix dpv
Label Data Interoperability Assessment
IRI https://w3id.org/dpv#DataInteroperabilityAssessment
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Assessmentdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types dpv:DataInteroperabilityManagementdpv:DataGovernancedpv:OrganisationGovernancedpv:Purpose
Object of relation dpv:hasAssessment, dpv:hasOrganisationalMeasure, dpv:hasPurpose, dpv:hasTechnicalOrganisationalMeasure
Definition Measures associated with assessment of data interoperability
Date Created 2024-04-14
Contributors Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.183 Data Interoperability Improvement

Term DataInteroperabilityImprovement Prefix dpv
Label Data Interoperability Improvement
IRI https://w3id.org/dpv#DataInteroperabilityImprovement
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:DataInteroperabilityManagementdpv:DataGovernancedpv:OrganisationGovernancedpv:Purpose
Object of relation dpv:hasPurpose
Definition Measures associated with improvement of data interoperability
Source
Date Created 2024-04-14
Contributors Beatriz Esteves, Harshvardhan J. Pandit
See More: section TOM-ORGANISATIONAL in DPV

17.1.184 Data Interoperability Management

Term DataInteroperabilityManagement Prefix dpv
Label Data Interoperability Management
IRI https://w3id.org/dpv#DataInteroperabilityManagement
Type