EU General Data Protection Regulation (GDPR)

version 2.0

Final Community Group Report

This version:
https://www.w3.org/community/reports/dpvcg/CG-FINAL-eu-gdpr-20240801/
Latest published version:
https://w3id.org/dpv/legal/eu/gdpr
Latest editor's draft:
https://dev.dpvcg.org/legal/eu/gdpr
Editor:
Harshvardhan J. Pandit (ADAPT Centre, Dublin City University)
Authors:
Beatriz Esteves (IDLab, IMEC, Ghent University)
Georg P. Krog (Signatu AS)
Harshvardhan J. Pandit (ADAPT Centre, Dublin City University)
Paul Ryan (Uniphar PLC)
Feedback:
GitHub w3c/dpv (pull requests, new issue, open issues)
This Release
https://w3id.org/dpv/2.0/legal/eu/gdpr
Previous Release
https://w3id.org/dpv/1.0/dpv-gdpr
Key Publications
Data Privacy Vocabulary (DPV) -- Version 2 (2024)
Creating a Vocabulary for Data Privacy (2019)

Abstract

The EU-GDPR extension extends the Data Privacy Vocabulary (DPV) Specification to provide concepts such as legal bases, rights, and data transfer tools based on the General Data Protection Regulation (GDPR). The canonical URL for EU-GDPR extension is https://w3id.org/dpv/legal/eu/gdpr, the namespace for terms is https://w3id.org/dpv/legal/eu/gdpr#, the suggested prefix is eu-gdpr, and this document along with source and releases are available at https://github.com/w3c/dpv.

Status of This Document

This specification was published by the Data Privacy Vocabularies and Controls Community Group. It is not a W3C Standard nor is it on the W3C Standards Track. Please note that under the W3C Community Final Specification Agreement (FSA) other conditions apply. Learn more about W3C Community and Business Groups.

Contributing: The DPVCG welcomes participation to improve the DPV and associated resources, including expansion or refinement of concepts, requesting information and applications, and addressing open issues. See contributing guide for further information.

GitHub Issues are preferred for discussion of this specification.

Data Privacy Vocabulary (DPV) Specification: is the base/core specification for the 'Data Privacy Vocabulary', which is extended for Personal Data [PD], Locations [LOC], Risk Management [RISK], Technology [TECH], and [AI]. Specific [LEGAL] extensions are also provided which model jurisdiction specific regulations and concepts . To support understanding and applications of [DPV], various guides and resources [GUIDES] are provided, including a [PRIMER]. A Search Index of all concepts from DPV and extensions is available.

[DPV] and related resources are published on GitHub. For a general overview of the Data Protection Vocabularies and Controls Community Group [DPVCG], its history, deliverables, and activities - refer to DPVCG Website. For meetings, see the DPVCG calendar.

The peer-reviewed article “Creating A Vocabulary for Data Privacy” presents a historical overview of the DPVCG, and describes the methodology and structure of the DPV along with describing its creation. An open-access version can be accessed here, here, and here. The article Data Privacy Vocabulary (DPV) - Version 2, accepted for presentation at the 23rd International Semantic Web Conference (ISWC 2024), describes the changes made in DPV v2.

2. Introduction

Figure 1 GDPR Extension extending DPV core concepts. Blue boxes are placeholders for concepts that are further detailed. See corresponding section in this document for more information. Click here to open diagram in new window.

The [EU-GDPR] extension provides concepts extending the [DPV] to represent information requirements from the [GDPR]. It enables the use of DPV to represent use-cases that are regulated by the GDPR, such as using specific legal bases defined in the GDPR, or to represent the applicability of rights, or requirements for conducting data protection impact assessments. It also enables representing practicalities such as organisations and their 'establishments' in the EU, data breach reporting and impact assessments, and data transfer tools. In particular, the [EU-GDPR] extension provides the following:

4. Principles

Figure 5 GDPR Principles extending DPV's core concept "Principle"

Principles, as defined in GDPR Article 5, are represented as concepts by extending the concept dpv:Principle, which is a type of organisational measure in [DPV]. How these principles are used or applied or evaluated is not defined in this extension. These concepts can be used as part of compliance assessments, for example with dpv:ComplianceStatus or dpv:Lawfulness, to indicate whether the principle has been fulfilled or violated.

Note: Extending GDPR Principles information in DPV

5. Data Subject Rights

Figure 6 Data Subject Rights as defined by GDPR extending DPV's core concept "Right"

GDPR provides several rights to the data subject, whose applicability depends on the context and nature of processing taking place. DPV lists these rights at an abstract level as concepts along with their origin in specific clauses of the GDPR.

In addition to DPV's concepts regarding exercise of rights, EU-GDPR provides additional concepts specific to the implementation of its rights. For example, SARNotice refers to the information provided in fulfilment of A15 Right of Access, or using dcat:Resource to represent the dataset provided in fulfilment of A20 Right to Data Portability.

Note: Forthcoming guidance on implementation of rights

7. Data Transfer Tools

Figure 7 GDPR's tools for data transfers to third countries extending DPV's core concept "OrganisationalMeasure"

GDPR regulates data transfers outside the EU/EEA based on jurisdictions the transfer is occurring within and the guarantees available regarding the protection of personal data and fundamental rights. To indicate the sufficiency of a data transfer being compatible and adherent to these requirements, the European Commission provides various 'data transfer tools' based on the legal bases provided within the GDPR. EU-GDPR models these as follows.

Note: Providing implementations of Data Transfer Tools

The EU-GDPR's concepts for transfer tools are currently symbolic, and do not provide a way to actually implement those tools. For example, to represent the information contained within a SCC or BCR. The DPVCG is interested in providing such implementations, and welcomes discussions and contributions for the same.

8. DPIA

[GDPR] Article 35 specifies the conditions and requirements associated with Data Protection Impact Assessments. EU-GDPR expands on the DPIA concept defined as an Organisational Measure within DPV by considering a DPIA as consisting of the following iterative process, and providing statuses for documenting their progression and outputs:

  1. Identifying activities for which a DPIA is to be undertaken (represented using DPV and EU-GDPR)
  2. Checking whether a DPIA is needed as per GDPR Art.35 and other jurisdictional requirements: the activitiy is DPIANecessityAssessment and its output is denoted using DPIANecessityStatus
  3. Conducting the DPIA to identify risks and impacts: the activity is DPIAProcedure and its output is denoted using DPIARiskStatus
  4. Determining the outcome based on risk mitigation: the activity is DPIAOutcome and its output is denoted using DPIAOutcomeStatus
  5. Determining whether processing should be permitted to continue or be carried out, with the outcome being denote using DPIAProcessingRecommendation
  6. Assessing whether processing is carried out in conformance with the DPIA, with the outcome being denoted using DPIAConformity

In addition to DPV's concepts for representing information about processing of personal data, EU-GDPR also recommends using DCMI Metadata Terms (DCT) concepts to represent relevant metadata, such as dates, identifiers, validity, etc.

Note: Guidance on documenting DPIAs using DPV and EU-GDPR

The DPVCG is working on updating the Guide for GDPR DPIA's using DPV based on recent updates in DPV and EU-GDPR. In addition to these, we are also working on providing concepts for expressing impacts and risk management within Risk Assessment and Management concepts for DPV.

9. Data Breach

[GDPR] defines several obligations regarding the handling of data breach incidents, and authoritative guidance establishes the categories of data breach based on how it affects data. To support implementation of these, the [EU-GDPR] extension provides concepts that extend the [DPV] to define GDPR specific requirements.

DataBreach is a specific concept that reflects the GDPR's definition of data breaches, and is separate from a general data breach incident (such as that defined within the [RISK] extension) in terms of its involvement of personal data as well the use of GDPR 'processing' definition. Under GDPR, data breaches are categorised based on the CIA information security model as ConfidentialityBreach for disclosures e.g. accidentally sharing data, IntegrityBreach for alterations e.g. maliciously overwriting data, and AvailabilityBreach for loss or destruction e.g. erasing all data on disk. In addition to these, GDPR also requires awareness of when a breach affects multiple jurisdictions either due to involvement of data subjects from multiple EU countries or because the processing of personal data involves multiple locations spread across EU. Such breaches are categorised as CrossBorderDataBreach.

Note: Guidance on documenting data breaches

DataBreachNotice represents the communication of information regarding a data breach to another entity, such as reporting it to the authority or sending communications to data subjects. Specific notice concepts are defined to reflect the recipients, for example ControllerBreachNotice is a notice sent to the controller and DataSubjectBreachNotice is a notice sent to the data subject. For reporting data breaches to authorities, there are multiple types of notifications at various stages of investigations - these are represented by DPABreachNotice with additional concepts for initial notice sent within 72 hours, as well as 'phased' notices which are sent as information becomes available.

To represent status of GDPR obligations regarding data breach notifications, the concept DataBreachNoticeRequirement provides specific outcomes which can be documented. For example, BreachNotificationNotNeeded indicates that notifications are not needed, and DPABreachNotificationNeeded represents a notification to the authority is needed.

To support the documentation of data breaches, the concept DataBreachReport represents a report associated with the breach, which can contain information on how the breach was discovered, the duration and coverage of the breach, what measures were taken to handle it, and what notifications were sent as part of the data breach handling processes. Specific concepts are provided to represent different reports required for fulfilling GDPR requirements, for example DataBreachDetectionReport as a report regarding the detection of a data breach and DataBreachPreliminaryReport as a preliminary report (e.g. within 72 hours) when an investigation is underway.

GDPR also requires carrying out an impact assessment to determine the level of risk associated with the data breach, in particular on the processing of personal data and on the rights and freedoms of the data subjects. To represent this, the concept DBIARiskStatus is provided with specific outcomes. For example, DBIAIndicatesHighRisk indicates the data breach has a 'high-risk' status.

10. Establishment and Authorities

10.1 Establishment

The concept 'establishment' is defined in the GPDR in Article 4-16 as 'main establishment' which is used to determine who will be the 'lead' supervisory authority responsible. An establishment in this context can be a subsidiary, a division or branch, or other forms of corporate structures through which multi-national corporations and organisations operate. To support representation of this, [EU-GDPR] defines the concept Establishment, and extends it as MainEstablishment to indicate which establishment is the 'main'. To indicate that there is only a single establishment and no other locations are involved, the concept SingleEstablishment is provided.

Establishments are indicated by using the relation hasEstablishment. Main establishment is associated by using the relation isMainEstablishmentFor, or the main establishment can be indicated using hasMainEstablishment. To represent organisation structures such as subsidiaries, the relation dpv:hasSubsidiary and dpv:isSubsidiaryOf can be reused.

  • eu-gdpr:Establishment: Establishment is a Legal Entity which implies the effective and real exercise of activities through stable arrangements (with a presumed parent or primary establishment) go to full definition
    • eu-gdpr:MainEstablishment: A Main Establishment is the place of central administration in the Union unless the decisions on the purposes and means of the processing of personal data are taken in another establishment in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment go to full definition
    • eu-gdpr:SingleEstablishment: A legal entity that is established in only one Member State go to full definition

10.2 Authorities

GDPR has a cross-border procedure for handling of compliance and investigations as the authorities are defined at a national level (in addition to supra- and intra- authorities). As part of this, an investigation involving multiple authorities requires establishing which authority is the 'lead' with the others categorised as 'concerned' authorities. The 'lead' authority may be different from the 'local' authority which is defined based on where the organisation is established or has its main establishment. To represent these cases, the [EU-GDPR] defines LeadSupervisoryAuthority, ConcernedSupervisoryAuthority, and LocalSupervisoryAuthority concepts. To associate them, the relations hasLeadSA, hasConcernedSA, and hasLocalSA are provided.

  • eu-gdpr:DataProtectionAuthority: A Supervisory Authority responsible for the enfocement of the GDPR go to full definition
    • eu-gdpr:ConcernedSupervisoryAuthority: Authority with other than lead supervisory authority who is involved in dealing with a cross-border data processing activity go to full definition
    • eu-gdpr:LeadSupervisoryAuthority: Authority with the primary responsibility for dealing with a cross-border data processing activity go to full definition
    • eu-gdpr:LocalSupervisoryAuthority: Authority associated with the main or local establishment of an organisation go to full definition

11. Compliance

The concepts in this section reflect the status of processing operations being in compliance with GDPR, by extending the ComplianceStatus from DPV for GDPR. It does not define the requirements for compliance itself. To indicate these, the relation dpv:hasLawfulness can be used.

12. Vocabulary Index

12.1 Classes

12.1.1 A13 Right to be Informed

Term A13 Prefix eu-gdpr
Label A13 Right to be Informed
IRI https://w3id.org/dpv/legal/eu/gdpr#A13
Type rdfs:Class, skos:Concept, dpv:Right
Broader/Parent types dpv:DataSubjectRightdpv:Right
Object of relation dpv:hasRight
Definition information to be provided where personal data is directly collected from data subject
Source GDPR Art.13
Date Created 2020-11-04
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.2 A14 Right to be Informed

Term A14 Prefix eu-gdpr
Label A14 Right to be Informed
IRI https://w3id.org/dpv/legal/eu/gdpr#A14
Type rdfs:Class, skos:Concept, dpv:Right
Broader/Parent types dpv:DataSubjectRightdpv:Right
Object of relation dpv:hasRight
Definition information to be provided where personal data is collected from other sources
Source GDPR Art.14
Date Created 2020-11-04
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.3 A15 Right of Access

Term A15 Prefix eu-gdpr
Label A15 Right of Access
IRI https://w3id.org/dpv/legal/eu/gdpr#A15
Type rdfs:Class, skos:Concept, dpv:Right
Broader/Parent types dpv:DataSubjectRightdpv:Right
Object of relation dpv:hasRight
Definition Right of access
Source GDPR Art.15
Date Created 2020-11-04
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.4 A16 Right to Rectification

Term A16 Prefix eu-gdpr
Label A16 Right to Rectification
IRI https://w3id.org/dpv/legal/eu/gdpr#A16
Type rdfs:Class, skos:Concept, dpv:Right
Broader/Parent types dpv:DataSubjectRightdpv:Right
Object of relation dpv:hasRight
Definition Right to rectification
Source GDPR Art.16
Date Created 2020-11-04
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.5 A17 Right to Erasure

Term A17 Prefix eu-gdpr
Label A17 Right to Erasure
IRI https://w3id.org/dpv/legal/eu/gdpr#A17
Type rdfs:Class, skos:Concept, dpv:Right
Broader/Parent types dpv:DataSubjectRightdpv:Right
Object of relation dpv:hasRight
Definition Right to erasure ('Right to be forgotten')
Source GDPR Art.17
Date Created 2020-11-04
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.6 A18 Right to Restrict Processing

Term A18 Prefix eu-gdpr
Label A18 Right to Restrict Processing
IRI https://w3id.org/dpv/legal/eu/gdpr#A18
Type rdfs:Class, skos:Concept, dpv:Right
Broader/Parent types dpv:DataSubjectRightdpv:Right
Object of relation dpv:hasRight
Definition Right to restriction of processing
Source GDPR Art.18
Date Created 2020-11-04
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.7 A19 Right to Rectification Notification

Term A19 Prefix eu-gdpr
Label A19 Right to Rectification Notification
IRI https://w3id.org/dpv/legal/eu/gdpr#A19
Type rdfs:Class, skos:Concept, dpv:Right
Broader/Parent types dpv:DataSubjectRightdpv:Right
Object of relation dpv:hasRight
Definition Right to be notified in case of rectification or erasure of personal data or restriction of processing
Source GDPR Art.19
Date Created 2020-11-04
Date Modified 2024-04-14
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.8 A20 Right to Data Portability

Term A20 Prefix eu-gdpr
Label A20 Right to Data Portability
IRI https://w3id.org/dpv/legal/eu/gdpr#A20
Type rdfs:Class, skos:Concept, dpv:Right
Broader/Parent types dpv:DataSubjectRightdpv:Right
Object of relation dpv:hasRight
Definition Right to data portability
Source GDPR Art.20
Date Created 2020-11-04
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.9 A21 Right to object

Term A21 Prefix eu-gdpr
Label A21 Right to object
IRI https://w3id.org/dpv/legal/eu/gdpr#A21
Type rdfs:Class, skos:Concept, dpv:Right
Broader/Parent types dpv:DataSubjectRightdpv:Right
Object of relation dpv:hasRight
Definition Right to object to processing of personal data
Source GDPR Art.21
Date Created 2020-11-04
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.10 A22 Right to object to automated decision making

Term A22 Prefix eu-gdpr
Label A22 Right to object to automated decision making
IRI https://w3id.org/dpv/legal/eu/gdpr#A22
Type rdfs:Class, skos:Concept, dpv:Right
Broader/Parent types dpv:DataSubjectRightdpv:Right
Object of relation dpv:hasRight
Definition Right not to be subject to a decision based solely on automated processing including profiling
Source GDPR Art.22
Date Created 2020-11-04
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.11 Art 45(3) adequacy decision

Term A45-3 Prefix eu-gdpr
Label Art 45(3) adequacy decision
IRI https://w3id.org/dpv/legal/eu/gdpr#A45-3
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Personal data can flow freely from the EU to a third country with an Adequacy Decision without any further safeguard being necessary.
Usage Note Transfer from EU to a third country. Third country has Adequacy Decision.
Source GDPR Art.45-3
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR
Term A46-2-a Prefix eu-gdpr
Label Art 46(2-a) legal instrument
IRI https://w3id.org/dpv/legal/eu/gdpr#A46-2-a
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition A legally binding and enforceable instrument between public authorities or bodies
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Third country has appropriate safeguards. Transfer does not require specific authorisation from a Supervisor Authority.
Source GDPR Art.46-2a
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR

12.1.13 Art 46(2-b) Binding Corporate Rules (BCR)

Term A46-2-b Prefix eu-gdpr
Label Art 46(2-b) Binding Corporate Rules (BCR)
IRI https://w3id.org/dpv/legal/eu/gdpr#A46-2-b
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types eu-gdpr:BindingCorporateRuleseu-gdpr:DataTransferTooldpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Object of relation dpv:hasLegalBasis, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Binding corporate rules
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Third country has appropriate safeguards. Transfer does not require specific authorisation from a Supervisor Authority.
Source GDPR Art.46-2b
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR

12.1.14 Art 46(2-c) Standard Contractual Clauses (SCC) by EC

Term A46-2-c Prefix eu-gdpr
Label Art 46(2-c) Standard Contractual Clauses (SCC) by EC
IRI https://w3id.org/dpv/legal/eu/gdpr#A46-2-c
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Broader/Parent types eu-gdpr:SCCByCommissioneu-gdpr:DataTransferTooldpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types eu-gdpr:SCCByCommissioneu-gdpr:StandardContractualClausesdpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types eu-gdpr:SCCByCommissioneu-gdpr:StandardContractualClauseseu-gdpr:DataTransferTooldpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalBasis, dpv:hasLegalMeasure, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Standard data protection clauses adopted by the Commission
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Third country has appropriate safeguards. Transfer does not require specific authorisation from a Supervisor Authority.
Source GDPR Art.46-2c
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR

12.1.15 Art 46(2-d) Standard Contractual Clauses (SCC) by DPA

Term A46-2-d Prefix eu-gdpr
Label Art 46(2-d) Standard Contractual Clauses (SCC) by DPA
IRI https://w3id.org/dpv/legal/eu/gdpr#A46-2-d
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Broader/Parent types eu-gdpr:SCCBySupervisoryAuthorityeu-gdpr:DataTransferTooldpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types eu-gdpr:SCCBySupervisoryAuthorityeu-gdpr:StandardContractualClausesdpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types eu-gdpr:SCCBySupervisoryAuthorityeu-gdpr:StandardContractualClauseseu-gdpr:DataTransferTooldpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalBasis, dpv:hasLegalMeasure, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Standard data protection clauses adopted by a Supervisory Authority
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Third country has appropriate safeguards. Transfer does not require specific authorisation from a Supervisor Authority
Source GDPR Art.46-2d
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR

12.1.16 Art 46(2-e) code of conduct

Term A46-2-e Prefix eu-gdpr
Label Art 46(2-e) code of conduct
IRI https://w3id.org/dpv/legal/eu/gdpr#A46-2-e
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition An approved code of conduct pursuant to GDPR Article 40 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards individuals´ rights
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Third country has appropriate safeguards. Transfer does not require specific authorisation from a Supervisor Authority.
Source GDPR Art.46-2e
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR

12.1.17 Art 46(2-f) certification

Term A46-2-f Prefix eu-gdpr
Label Art 46(2-f) certification
IRI https://w3id.org/dpv/legal/eu/gdpr#A46-2-f
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition An approved certification mechanism pursuant to GDPR Article 42 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards individuals` rights
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Third country has appropriate safeguards. Transfer does not require specific authorisation from a Supervisor Authority.
Source GDPR Art.46-2f
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR

12.1.18 Art 46(3-a) contractual clauses

Term A46-3-a Prefix eu-gdpr
Label Art 46(3-a) contractual clauses
IRI https://w3id.org/dpv/legal/eu/gdpr#A46-3-a
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Contractual clauses with controller, processor or recipient of the personal data in the third country or the international organisation.
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Appropriate safeguards exist. Transfer does requires specific authorisation from a Supervisor Authority.
Source GDPR Art.46-3a
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR

12.1.19 Art 46(3-b) administrative arrangements

Term A46-3-b Prefix eu-gdpr
Label Art 46(3-b) administrative arrangements
IRI https://w3id.org/dpv/legal/eu/gdpr#A46-3-b
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Provisions to be inserted into administrative arrangements between public authorities or bodies which include enforceable and effective data subject rights
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Appropriate safeguards exist. Transfer does requires specific authorisation from a Supervisor Authority.
Source GDPR Art.46-3b
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR
Term A49-1-a Prefix eu-gdpr
Label Art 49(1-a) explicit consent
IRI https://w3id.org/dpv/legal/eu/gdpr#A49-1-a
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Broader/Parent types dpv:ExplicitlyExpressedConsentdpv:ExpressedConsentdpv:InformedConsentdpv:Consentdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition The data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards.
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Appropriate safeguards do not exist.
Source GDPR Art.49-1a
Date Created 2020-11-04
Date Modified 2022-06-22
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR

12.1.21 Art 49(1-b) performance of contract

Term A49-1-b Prefix eu-gdpr
Label Art 49(1-b) performance of contract
IRI https://w3id.org/dpv/legal/eu/gdpr#A49-1-b
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Object of relation dpv:hasLegalBasis, dpv:hasLegalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition The transfer is necessary for the performance of a contract between the data subject and controller or the implementation of pre-contractual measures taken at the data subject´s request.
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Appropriate safeguards do not exist.
Source GDPR Art.49-1b
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR

12.1.22 Art 49(1-c) conclusion of contract

Term A49-1-c Prefix eu-gdpr
Label Art 49(1-c) conclusion of contract
IRI https://w3id.org/dpv/legal/eu/gdpr#A49-1-c
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Object of relation dpv:hasLegalBasis, dpv:hasLegalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject and controller and another natural or legal person.
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Appropriate safeguards do not exist.
Source GDPR Art.49-1c
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR

12.1.23 Art 49(1-d) public interest

Term A49-1-d Prefix eu-gdpr
Label Art 49(1-d) public interest
IRI https://w3id.org/dpv/legal/eu/gdpr#A49-1-d
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Broader/Parent types dpv:PublicInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition The transfer is necessary for important reasons of public interest.
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Appropriate safeguards do not exist.
Source GDPR Art.49-1d
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR
Term A49-1-e Prefix eu-gdpr
Label Art 49(1-e) legal claims
IRI https://w3id.org/dpv/legal/eu/gdpr#A49-1-e
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition The transfer is necessary for the establishment, exercise or defence of legal claims.
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Appropriate safeguards do not exist.
Source GDPR Art.49-1e
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR

12.1.25 Art 49(1-f) protect vital interests

Term A49-1-f Prefix eu-gdpr
Label Art 49(1-f) protect vital interests
IRI https://w3id.org/dpv/legal/eu/gdpr#A49-1-f
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Broader/Parent types dpv:VitalInterestOfNaturalPersondpv:VitalInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition The transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the person is physically or legally incapable of giving consent.
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Appropriate safeguards do not exist.
Source GDPR Art.49-1f
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR

12.1.26 Art 49(1-g) public register

Term A49-1-g Prefix eu-gdpr
Label Art 49(1-g) public register
IRI https://w3id.org/dpv/legal/eu/gdpr#A49-1-g
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition The transfer is made from a register which according to Union or Member State law is intended to provide information to the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by Union or Member State law for consultation are fulfilled in the particular case.
Usage Note Transfer from EU to a third country. Third country has not Adequacy Decision. Appropriate safeguards do not exist.
Source GDPR Art.49-1g
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR

12.1.27 Art 49(2) legitimate interests

Term A49-2 Prefix eu-gdpr
Label Art 49(2) legitimate interests
IRI https://w3id.org/dpv/legal/eu/gdpr#A49-2
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:DataTransferLegalBasisdpv:LegalBasis
Broader/Parent types dpv:LegitimateInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition The transfer is not repetitive, concerns only a limited number of data subjects, is necessary for the purposes of compelling legitimate interests pursued by controller which are not overridden by the interests or rights and freedoms of the data subject, and controller has assessed all the circumstances surrounding the data transfer and have on the basis of that assessment provided suitable safeguards with regard to the protection of personal data.
Usage Note Transfer from EU to a third country. Third country has no Adequacy Decision. Appropriate safeguards do not exist and no other options apply.
Source GDPR Art.49-2
Date Created 2020-11-04
Date Modified 2021-09-08
Contributors Georg P. Krog
See More: section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR
Term A6-1-a Prefix eu-gdpr
Label Art.6(1-a) consent
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-a
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:ExpressedConsentdpv:InformedConsentdpv:Consentdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Legal basis based on data subject's given consent to the processing of his or her personal data for one or more specific purposes
Usage Note Consent can be explicit or non-explicit. To express these specifically, see the explicit and non-explicit variations provided for Art.6-1a.
Source GDPR Art.6-1a
Date Created 2022-09-07
Date Modified 2022-11-24
Contributors Harshvardhan J. Pandit
has right A13 Right to be Informed , A14 Right to be Informed , A15 Right of Access , A16 Right to Rectification , A17 Right to Erasure , A18 Right to Restrict Processing , A20 Right to Data Portability , A22 Right to object to automated decision making , A7-3 Right to Withdraw Consent , A77 Right to Complaint
See More: section LEGAL-BASIS in EU-GDPR , section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR

12.1.31 Art 6(1-b) contract

Term A6-1-b Prefix eu-gdpr
Label Art 6(1-b) contract
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-b
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Legal basis based on performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
Source GDPR Art.6-1b
Date Created 2019-04-05
Date Modified 2022-11-24
Contributors Eva Schlehahn, Bud Bruegger, Harshvardhan J. Pandit
has right A13 Right to be Informed , A14 Right to be Informed , A15 Right of Access , A16 Right to Rectification , A17 Right to Erasure , A18 Right to Restrict Processing , A20 Right to Data Portability , A22 Right to object to automated decision making , A77 Right to Complaint
See More: section LEGAL-BASIS in EU-GDPR , section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR

12.1.32 Art 6(1-b) contract performance

Term A6-1-b-contract-performance Prefix eu-gdpr
Label Art 6(1-b) contract performance
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-b-contract-performance
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types eu-gdpr:A6-1-bdpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types dpv:ContractPerformancedpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Legal basis based on performance of a contract to which the data subject is party
Source GDPR Art.6-1b
Date Created 2022-11-24
Date Modified 2022-11-24
Contributors Georg P. Krog
has right A13 Right to be Informed , A14 Right to be Informed , A15 Right of Access , A16 Right to Rectification , A17 Right to Erasure , A18 Right to Restrict Processing , A20 Right to Data Portability , A22 Right to object to automated decision making , A77 Right to Complaint
See More: section LEGAL-BASIS in EU-GDPR , section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR

12.1.33 Art 6(1-b) enter into contract

Term A6-1-b-enter-into-contract Prefix eu-gdpr
Label Art 6(1-b) enter into contract
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-b-enter-into-contract
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types eu-gdpr:A6-1-bdpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types dpv:EnterIntoContractdpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Legal basis based on taking steps at the request of the data subject prior to entering into a contract
Source GDPR Art.6-1b
Date Created 2022-11-24
Date Modified 2022-11-24
Contributors Georg P. Krog
has right A13 Right to be Informed , A14 Right to be Informed , A15 Right of Access , A16 Right to Rectification , A17 Right to Erasure , A18 Right to Restrict Processing , A20 Right to Data Portability , A22 Right to object to automated decision making , A77 Right to Complaint
See More: section LEGAL-BASIS in EU-GDPR , section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
Term A6-1-c Prefix eu-gdpr
Label Art 6(1-c) legal obligation
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-c
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:LegalObligationdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Legal basis based on compliance with a legal obligation to which the controller is subject
Source GDPR Art.6-1c
Date Created 2019-04-05
Date Modified 2022-11-24
Contributors Eva Schlehahn, Bud Bruegger, Harshvardhan J. Pandit
has right A13 Right to be Informed , A15 Right of Access , A16 Right to Rectification , A18 Right to Restrict Processing , A77 Right to Complaint
See More: section LEGAL-BASIS in EU-GDPR , section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR

12.1.35 Art 6(1-d) protect vital interests

Term A6-1-d Prefix eu-gdpr
Label Art 6(1-d) protect vital interests
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-d
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:VitalInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Legal basis based on protecting the vital interests of the data subject or of another natural person
Source GDPR Art.6-1d
Date Created 2019-04-05
Date Modified 2022-11-24
Contributors Eva Schlehahn, Bud Bruegger, Harshvardhan J. Pandit
has right A13 Right to be Informed , A14 Right to be Informed , A15 Right of Access , A16 Right to Rectification , A17 Right to Erasure , A18 Right to Restrict Processing , A22 Right to object to automated decision making , A77 Right to Complaint
See More: section LEGAL-BASIS in EU-GDPR , section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR

12.1.36 Art 6(1-d) protect vital interests of data subject

Term A6-1-d-data-subject Prefix eu-gdpr
Label Art 6(1-d) protect vital interests of data subject
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-d-data-subject
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types eu-gdpr:A6-1-ddpv:VitalInterestdpv:LegalBasis
Broader/Parent types dpv:VitalInterestOfDataSubjectdpv:VitalInterestOfNaturalPersondpv:VitalInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Legal basis based on protecting the vital interests of the data subject
Source GDPR Art.6-1d
Date Created 2022-11-24
Date Modified 2022-11-24
Contributors Georg P. Krog
has right A13 Right to be Informed , A14 Right to be Informed , A15 Right of Access , A16 Right to Rectification , A17 Right to Erasure , A18 Right to Restrict Processing , A22 Right to object to automated decision making , A77 Right to Complaint
See More: section LEGAL-BASIS in EU-GDPR , section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR

12.1.37 Art 6(1-d) protect vital interests of natural person

Term A6-1-d-natural-person Prefix eu-gdpr
Label Art 6(1-d) protect vital interests of natural person
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-d-natural-person
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types eu-gdpr:A6-1-ddpv:VitalInterestdpv:LegalBasis
Broader/Parent types dpv:VitalInterestOfNaturalPersondpv:VitalInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Legal basis based on protecting the vital interests of another natural person that is not the data subject
Source GDPR Art.6-1d
Date Created 2022-11-24
Date Modified 2024-02-15
Contributors Georg P. Krog
See More: section LEGAL-BASIS in EU-GDPR

12.1.38 Art 6(1-e) public interest or official authority

Term A6-1-e Prefix eu-gdpr
Label Art 6(1-e) public interest or official authority
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-e
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:OfficialAuthorityOfControllerdpv:LegalBasis
Broader/Parent types dpv:PublicInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Legal basis based on performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Source GDPR Art.6-1e
Date Created 2019-04-05
Date Modified 2022-11-24
Contributors Eva Schlehahn, Bud Bruegger, Harshvardhan J. Pandit
has right A13 Right to be Informed , A14 Right to be Informed , A15 Right of Access , A16 Right to Rectification , A18 Right to Restrict Processing , A21 Right to object , A22 Right to object to automated decision making , A77 Right to Complaint
See More: section LEGAL-BASIS in EU-GDPR , section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR

12.1.39 Art 6(1-e) official authority

Term A6-1-e-official-authority Prefix eu-gdpr
Label Art 6(1-e) official authority
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-e-official-authority
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types eu-gdpr:A6-1-edpv:OfficialAuthorityOfControllerdpv:LegalBasis
Broader/Parent types eu-gdpr:A6-1-edpv:PublicInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Legal basis based on the exercise of official authority vested in the controller
Source GDPR Art.6-1e
Date Created 2022-08-24
Date Modified 2022-11-24
Contributors Harshvardhan J. Pandit
has right A13 Right to be Informed , A14 Right to be Informed , A15 Right of Access , A16 Right to Rectification , A18 Right to Restrict Processing , A21 Right to object , A22 Right to object to automated decision making , A77 Right to Complaint
See More: section LEGAL-BASIS in EU-GDPR , section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR

12.1.40 Art 6(1-e) public interest

Term A6-1-e-public-interest Prefix eu-gdpr
Label Art 6(1-e) public interest
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-e-public-interest
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types eu-gdpr:A6-1-edpv:OfficialAuthorityOfControllerdpv:LegalBasis
Broader/Parent types eu-gdpr:A6-1-edpv:PublicInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Legal basis based on performance of a task carried out in the public interest
Source GDPR Art.6-1e
Date Created 2022-08-24
Date Modified 2022-11-24
Contributors Harshvardhan J. Pandit
has right A13 Right to be Informed , A14 Right to be Informed , A15 Right of Access , A16 Right to Rectification , A18 Right to Restrict Processing , A21 Right to object , A22 Right to object to automated decision making , A77 Right to Complaint
See More: section LEGAL-BASIS in EU-GDPR , section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR

12.1.41 Art 6(1-f) legitimate interest

Term A6-1-f Prefix eu-gdpr
Label Art 6(1-f) legitimate interest
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-f
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:LegitimateInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Legal basis based on the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child
Source GDPR Art.6-1f
Date Created 2019-04-05
Date Modified 2022-11-24
Contributors Eva Schlehahn, Bud Bruegger, Harshvardhan J. Pandit
has right A13 Right to be Informed , A14 Right to be Informed , A15 Right of Access , A16 Right to Rectification , A17 Right to Erasure , A18 Right to Restrict Processing , A21 Right to object , A22 Right to object to automated decision making , A77 Right to Complaint
See More: section LEGAL-BASIS in EU-GDPR , section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR

12.1.42 Art 6(1-f) legitimate interest of controller

Term A6-1-f-controller Prefix eu-gdpr
Label Art 6(1-f) legitimate interest of controller
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-f-controller
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types eu-gdpr:A6-1-fdpv:LegitimateInterestdpv:LegalBasis
Broader/Parent types dpv:LegitimateInterestOfControllerdpv:LegitimateInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Legal basis based on the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child
Source GDPR Art.6-1f
Date Created 2022-11-24
Date Modified 2022-11-24
Contributors Georg P. Krog
has right A13 Right to be Informed , A14 Right to be Informed , A15 Right of Access , A16 Right to Rectification , A17 Right to Erasure , A18 Right to Restrict Processing , A21 Right to object , A22 Right to object to automated decision making , A77 Right to Complaint
See More: section LEGAL-BASIS in EU-GDPR , section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR

12.1.43 Art 6(1-f) legitimate interest of third party

Term A6-1-f-third-party Prefix eu-gdpr
Label Art 6(1-f) legitimate interest of third party
IRI https://w3id.org/dpv/legal/eu/gdpr#A6-1-f-third-party
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types eu-gdpr:A6-1-fdpv:LegitimateInterestdpv:LegalBasis
Broader/Parent types dpv:LegitimateInterestOfThirdPartydpv:LegitimateInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition Legal basis based on the purposes of the legitimate interests pursued by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child
Source GDPR Art.6-1f
Date Created 2022-11-24
Date Modified 2022-11-24
Contributors Georg P. Krog
has right A13 Right to be Informed , A14 Right to be Informed , A15 Right of Access , A16 Right to Rectification , A17 Right to Erasure , A18 Right to Restrict Processing , A21 Right to object , A22 Right to object to automated decision making , A77 Right to Complaint
See More: section LEGAL-BASIS in EU-GDPR , section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
Term A7-3 Prefix eu-gdpr
Label A7-3 Right to Withdraw Consent
IRI https://w3id.org/dpv/legal/eu/gdpr#A7-3
Type rdfs:Class, skos:Concept, dpv:Right
Broader/Parent types dpv:DataSubjectRightdpv:Right
Object of relation dpv:hasRight
Definition Right to withdraw consent at any time
Source GDPR Art.7-3
Date Created 2020-11-04
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.45 A77 Right to Complaint

Term A77 Prefix eu-gdpr
Label A77 Right to Complaint
IRI https://w3id.org/dpv/legal/eu/gdpr#A77
Type rdfs:Class, skos:Concept, dpv:Right
Broader/Parent types dpv:DataSubjectRightdpv:Right
Object of relation dpv:hasRight
Definition Right to lodge a complaint with a supervisory authority
Source GDPR Art.77
Date Created 2020-11-04
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR
Term A9-2-a Prefix eu-gdpr
Label Art 9(2-a) explicit consent
IRI https://w3id.org/dpv/legal/eu/gdpr#A9-2-a
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:ExplicitlyExpressedConsentdpv:ExpressedConsentdpv:InformedConsentdpv:Consentdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition explicit consent with special categories of data
Source GDPR Art.9-2a
Date Created 2019-04-05
Date Modified 2021-09-08
Contributors Eva Schlehahn, Bud Bruegger
See More: section LEGAL-BASIS-SPECIAL in EU-GDPR

12.1.47 Art 9(2-b) employment, social security, social protection law

Term A9-2-b Prefix eu-gdpr
Label Art 9(2-b) employment, social security, social protection law
IRI https://w3id.org/dpv/legal/eu/gdpr#A9-2-b
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition employment and social security and social protection law
Source GDPR Art.9-2b
Date Created 2019-04-05
Contributors Eva Schlehahn, Bud Bruegger
See More: section LEGAL-BASIS-SPECIAL in EU-GDPR

12.1.48 Art 9(2-c) protect vital interest

Term A9-2-c Prefix eu-gdpr
Label Art 9(2-c) protect vital interest
IRI https://w3id.org/dpv/legal/eu/gdpr#A9-2-c
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:VitalInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition protection of the vital interests
Source GDPR Art.9-2c
Date Created 2019-04-05
Date Modified 2021-09-08
Contributors Eva Schlehahn, Bud Bruegger
See More: section LEGAL-BASIS-SPECIAL in EU-GDPR

12.1.49 Art 9(2-d) legitimate activities

Term A9-2-d Prefix eu-gdpr
Label Art 9(2-d) legitimate activities
IRI https://w3id.org/dpv/legal/eu/gdpr#A9-2-d
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:LegitimateInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;
Source GDPR Art.9-2d
Date Created 2019-04-05
Date Modified 2021-09-08
Contributors Eva Schlehahn, Bud Bruegger
See More: section LEGAL-BASIS-SPECIAL in EU-GDPR

12.1.50 Art 9(2-e) data made public

Term A9-2-e Prefix eu-gdpr
Label Art 9(2-e) data made public
IRI https://w3id.org/dpv/legal/eu/gdpr#A9-2-e
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition data manifestly made public by the data subject
Source GDPR Art.9-2e
Date Created 2019-04-05
Contributors Eva Schlehahn, Bud Bruegger
See More: section LEGAL-BASIS-SPECIAL in EU-GDPR

12.1.51 Art 9(2-f) judicial process

Term A9-2-f Prefix eu-gdpr
Label Art 9(2-f) judicial process
IRI https://w3id.org/dpv/legal/eu/gdpr#A9-2-f
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition establishment, exercise or defence of legal claims / courts acting in their judicial capacity
Source GDPR Art.9-2f
Date Created 2019-04-05
Contributors Eva Schlehahn, Bud Bruegger
See More: section LEGAL-BASIS-SPECIAL in EU-GDPR

12.1.52 Art 9(2-g) public interest

Term A9-2-g Prefix eu-gdpr
Label Art 9(2-g) public interest
IRI https://w3id.org/dpv/legal/eu/gdpr#A9-2-g
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:PublicInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition substantial public interest, on the basis of Union or Member State law
Source GDPR Art.9-2g
Date Created 2019-04-05
Date Modified 2021-09-08
Contributors Eva Schlehahn, Bud Bruegger
See More: section LEGAL-BASIS-SPECIAL in EU-GDPR

12.1.53 Art 9(2-h) health & medicine

Term A9-2-h Prefix eu-gdpr
Label Art 9(2-h) health & medicine
IRI https://w3id.org/dpv/legal/eu/gdpr#A9-2-h
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3
Source GDPR Art.9-2h
Date Created 2019-04-05
Contributors Eva Schlehahn, Bud Bruegger
See More: section LEGAL-BASIS-SPECIAL in EU-GDPR

12.1.54 Art 9(2-i) public interest in public health

Term A9-2-i Prefix eu-gdpr
Label Art 9(2-i) public interest in public health
IRI https://w3id.org/dpv/legal/eu/gdpr#A9-2-i
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:PublicInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition public interest in public health
Source GDPR Art.9-2i
Date Created 2019-04-05
Date Modified 2021-09-08
Contributors Eva Schlehahn, Bud Bruegger
See More: section LEGAL-BASIS-SPECIAL in EU-GDPR

12.1.55 Art 9(2-j) public interest, scientific research, statistical purpose

Term A9-2-j Prefix eu-gdpr
Label Art 9(2-j) public interest, scientific research, statistical purpose
IRI https://w3id.org/dpv/legal/eu/gdpr#A9-2-j
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types dpv:PublicInterestdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition public interest, scientific or historical research purposes or statistical purposes based on Union or Member State law
Source GDPR Art.9-2j
Date Created 2019-04-05
Date Modified 2021-09-08
Contributors Eva Schlehahn, Bud Bruegger
See More: section LEGAL-BASIS-SPECIAL in EU-GDPR

12.1.56 Accountability Principle

Term AccountabilityPrinciple Prefix eu-gdpr
Label Accountability Principle
IRI https://w3id.org/dpv/legal/eu/gdpr#AccountabilityPrinciple
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Principledpv:GuidelinesPrincipledpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Principle stating the controller shall be responsible for, and be able to demonstrate compliance with the other principles (from Art.5-1)
Source
Date Created 2024-05-12
Contributors Georg P. Krog
See More: section PRINCIPLES in EU-GDPR

12.1.57 Accuracy Principle

Term AccuracyPrinciple Prefix eu-gdpr
Label Accuracy Principle
IRI https://w3id.org/dpv/legal/eu/gdpr#AccuracyPrinciple
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Principledpv:GuidelinesPrincipledpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Principle stating personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay used for
Source
Date Created 2024-05-12
Contributors Georg P. Krog
See More: section PRINCIPLES in EU-GDPR

12.1.58 Adequacy Decision

Term AdequacyDecision Prefix eu-gdpr
Label Adequacy Decision
IRI https://w3id.org/dpv/legal/eu/gdpr#AdequacyDecision
Type rdfs:Class, skos:Concept, dpv:LegalBasis
Broader/Parent types eu-gdpr:A45-3dpv:DataTransferLegalBasisdpv:LegalBasis
Object of relation dpv:hasLegalBasis
Definition An adequacy decision as per GDPR Art.45(3) for the transfer of data to a third country or an international organisation
Source GDPR Art.45-3
Date Created 2024-06-22
Contributors Harshvardhan J. Pandit
See More: section LEGAL-BASIS-DATA-TRANSFER in LEGAL-EU

12.1.59 AdHoc Contractual Clauses

Term AdHocContractualClauses Prefix eu-gdpr
Label AdHoc Contractual Clauses
IRI https://w3id.org/dpv/legal/eu/gdpr#AdHocContractualClauses
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types eu-gdpr:DataTransferTooldpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalMeasure, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Contractual Clauses not drafted by the EU Commission, e.g. by the Controller
Source EDPB Recommendations 01/2020 on Supplementary Measures and Transfer Tools
Date Created 2021-09-22
Contributors Harshvardhan J. Pandit
See More: section DATA-TRANSFERS in EU-GDPR

12.1.60 Availability Breach

Term AvailabilityBreach Prefix eu-gdpr
Label Availability Breach
IRI https://w3id.org/dpv/legal/eu/gdpr#AvailabilityBreach
Type rdfs:Class, skos:Concept
Broader/Parent types eu-gdpr:DataBreachrisk:Incident
Object of relation risk:hasIncident
Definition A data breach where there is an accidental or unauthorised loss of access to or destruction of personal data
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.61 Binding Corporate Rules (BCR)

Term BindingCorporateRules Prefix eu-gdpr
Label Binding Corporate Rules (BCR)
IRI https://w3id.org/dpv/legal/eu/gdpr#BindingCorporateRules
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types eu-gdpr:DataTransferTooldpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Binding corporate rules (BCR) are data protection policies adhered to by companies established in the EU for transfers of personal data outside the EU within a group of undertakings or enterprises.
Source GDPR Art.4-20
Date Created 2021-09-22
Contributors David Hickey, Paul Ryan, Georg P. Krog, Harshvardhan J. Pandit
See More: section DATA-TRANSFERS in EU-GDPR

12.1.62 Breach Notification Not Needed

Term BreachNotificationNotNeeded Prefix eu-gdpr
Label Breach Notification Not Needed
IRI https://w3id.org/dpv/legal/eu/gdpr#BreachNotificationNotNeeded
Type rdfs:Class, skos:Concept, eu-gdpr:DataBreachNoticeRequirement
Broader/Parent types eu-gdpr:DataBreachNoticeRequirementdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Data Breach notifications to DPA or Data Subjects are not required
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.63 Certification Mechanisms for Data Transfers

Term CertificationMechanismsForDataTransfers Prefix eu-gdpr
Label Certification Mechanisms for Data Transfers
IRI https://w3id.org/dpv/legal/eu/gdpr#CertificationMechanismsForDataTransfers
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types eu-gdpr:DataTransferTooldpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Certification and its binding or specified mechanisms intended to provide sufficient safeguards for data transfers
Source EDPB Recommendations 01/2020 on Supplementary Measures and Transfer Tools
Date Created 2021-09-22
Contributors Harshvardhan J. Pandit
See More: section DATA-TRANSFERS in EU-GDPR

12.1.64 Codes of Conduct for Data Transfers

Term CodesOfConductForDataTransfers Prefix eu-gdpr
Label Codes of Conduct for Data Transfers
IRI https://w3id.org/dpv/legal/eu/gdpr#CodesOfConductForDataTransfers
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types eu-gdpr:DataTransferTooldpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Codes of Conduct that outline sufficient safeguards for carrying out data transfers
Source EDPB Recommendations 01/2020 on Supplementary Measures and Transfer Tools
Date Created 2021-09-22
Contributors Harshvardhan J. Pandit
See More: section DATA-TRANSFERS in EU-GDPR

12.1.65 Concerned Supervisory Authority

Term ConcernedSupervisoryAuthority Prefix eu-gdpr
Label Concerned Supervisory Authority
IRI https://w3id.org/dpv/legal/eu/gdpr#ConcernedSupervisoryAuthority
Type rdfs:Class, skos:Concept
Broader/Parent types eu-gdpr:DataProtectionAuthoritydpv:DataProtectionAuthoritydpv:Authoritydpv:GovernmentalOrganisationdpv:Organisationdpv:LegalEntitydpv:Entity
Object of relation dpv:hasAuthority, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:hasSubsidiary, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor, dpv:isSubsidiaryOf, eu-gdpr:hasConcernedSA, eu-gdpr:hasEstablishment, eu-gdpr:hasLeadSA, eu-gdpr:hasLocalSA, eu-gdpr:hasMainEstablishment, eu-gdpr:isMainEstablishmentFor
Definition Authority with other than lead supervisory authority who is involved in dealing with a cross-border data processing activity
Source
Date Created 2024-02-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section ENTITIES in EU-GDPR

12.1.66 Confidentiality Breach

Term ConfidentialityBreach Prefix eu-gdpr
Label Confidentiality Breach
IRI https://w3id.org/dpv/legal/eu/gdpr#ConfidentialityBreach
Type rdfs:Class, skos:Concept
Broader/Parent types eu-gdpr:DataBreachrisk:Incident
Object of relation risk:hasIncident
Definition A data breach where there is an unauthorised or accidental disclosure of or access to personal data
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.67 Controller Breach Notice

Term ControllerBreachNotice Prefix eu-gdpr
Label Controller Breach Notice
IRI https://w3id.org/dpv/legal/eu/gdpr#ControllerBreachNotice
Type rdfs:Class, skos:Concept, eu-gdpr:DataBreachNotice
Broader/Parent types eu-gdpr:DataBreachNoticedpv:DataBreachNoticedpv:SecurityIncidentNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Notice regarding a data breach to the Controller
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.68 Controller Breach Notification Needed

Term ControllerBreachNotificationNeeded Prefix eu-gdpr
Label Controller Breach Notification Needed
IRI https://w3id.org/dpv/legal/eu/gdpr#ControllerBreachNotificationNeeded
Type rdfs:Class, skos:Concept, eu-gdpr:DataBreachNoticeRequirement
Broader/Parent types eu-gdpr:DataBreachNoticeRequirementdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Data Breach notification to the Controller is required
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.69 Cross-Border Data Breach

Term CrossBorderDataBreach Prefix eu-gdpr
Label Cross-Border Data Breach
IRI https://w3id.org/dpv/legal/eu/gdpr#CrossBorderDataBreach
Type rdfs:Class, skos:Concept
Broader/Parent types eu-gdpr:DataBreachrisk:Incident
Object of relation risk:hasIncident
Definition A data breach involving cross-border data subjects or processing operations
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.70 Data Breach

Term DataBreach Prefix eu-gdpr
Label Data Breach
IRI https://w3id.org/dpv/legal/eu/gdpr#DataBreach
Type rdfs:Class, skos:Concept
Broader/Parent types risk:Incident
Object of relation risk:hasIncident
Definition A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed
Usage Note GDPR's notion of data breach includes any incident that affects the confidentiality, integrity, and availability of personal data and its processing without distinguishing between internal or external actors involved in the incident
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.71 Data Breach Concluding Report

Term DataBreachConcludingReport Prefix eu-gdpr
Label Data Breach Concluding Report
IRI https://w3id.org/dpv/legal/eu/gdpr#DataBreachConcludingReport
Type rdfs:Class, skos:Concept
Broader/Parent types eu-gdpr:DataBreachReportrisk:IncidentReportdpv:RecordsOfActivitiesdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types risk:IncidentHandlingReportrisk:IncidentReportdpv:RecordsOfActivitiesdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasRecordOfActivity, dpv:hasTechnicalOrganisationalMeasure
Definition Documented information about a concluded data breach incident
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.72 Data Breach Detection Report

Term DataBreachDetectionReport Prefix eu-gdpr
Label Data Breach Detection Report
IRI https://w3id.org/dpv/legal/eu/gdpr#DataBreachDetectionReport
Type rdfs:Class, skos:Concept
Broader/Parent types eu-gdpr:DataBreachReportrisk:IncidentReportdpv:RecordsOfActivitiesdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types risk:IncidentDetectionReportrisk:IncidentReportdpv:RecordsOfActivitiesdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasRecordOfActivity, dpv:hasTechnicalOrganisationalMeasure
Definition Documented information about a data breach being detected
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.73 Data Breach Notice

Term DataBreachNotice Prefix eu-gdpr
Label Data Breach Notice
IRI https://w3id.org/dpv/legal/eu/gdpr#DataBreachNotice
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:DataBreachNoticedpv:SecurityIncidentNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Notice associated with data breach providing information in compliance with GDPR
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.74 Data Breach Notice Requirement

Term DataBreachNoticeRequirement Prefix eu-gdpr
Label Data Breach Notice Requirement
IRI https://w3id.org/dpv/legal/eu/gdpr#DataBreachNoticeRequirement
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Whether a Data Breach notification is required
Source
Date Created 2024-05-19
Contributors Harshvardhan J. Pandit
See More: section DATA-BREACH in EU-GDPR

12.1.75 Data Breach Ongoing Report

Term DataBreachOngoingReport Prefix eu-gdpr
Label Data Breach Ongoing Report
IRI https://w3id.org/dpv/legal/eu/gdpr#DataBreachOngoingReport
Type rdfs:Class, skos:Concept
Broader/Parent types eu-gdpr:DataBreachReportrisk:IncidentReportdpv:RecordsOfActivitiesdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types risk:IncidentAssessmentReportrisk:IncidentReportdpv:RecordsOfActivitiesdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasRecordOfActivity, dpv:hasTechnicalOrganisationalMeasure
Definition Documented information about an ongoing data breach
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.76 Data Breach Preliminary Report

Term DataBreachPreliminaryReport Prefix eu-gdpr
Label Data Breach Preliminary Report
IRI https://w3id.org/dpv/legal/eu/gdpr#DataBreachPreliminaryReport
Type rdfs:Class, skos:Concept
Broader/Parent types eu-gdpr:DataBreachReportrisk:IncidentReportdpv:RecordsOfActivitiesdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types risk:IncidentAssessmentReportrisk:IncidentReportdpv:RecordsOfActivitiesdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasRecordOfActivity, dpv:hasTechnicalOrganisationalMeasure
Definition Documented information about preliminary assessment regarding a data breach
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.77 Data Breach Register

Term DataBreachRegister Prefix eu-gdpr
Label Data Breach Register
IRI https://w3id.org/dpv/legal/eu/gdpr#DataBreachRegister
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:RecordsOfActivitiesdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasRecordOfActivity, dpv:hasTechnicalOrganisationalMeasure
Definition Register of data breaches containing facts relating to the personal data breach, its effects and the remedial action taken
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.78 Data Breach Report

Term DataBreachReport Prefix eu-gdpr
Label Data Breach Report
IRI https://w3id.org/dpv/legal/eu/gdpr#DataBreachReport
Type rdfs:Class, skos:Concept
Broader/Parent types risk:IncidentReportdpv:RecordsOfActivitiesdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasRecordOfActivity, dpv:hasTechnicalOrganisationalMeasure
Definition Documented information about a data breach incident, its handling, assessments, and notifications
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.79 Data Minimisation Principle

Term DataMinimisationPrinciple Prefix eu-gdpr
Label Data Minimisation Principle
IRI https://w3id.org/dpv/legal/eu/gdpr#DataMinimisationPrinciple
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Principledpv:GuidelinesPrincipledpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Principle stating personal data must be processed adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Source
Date Created 2024-05-12
Contributors Georg P. Krog
See More: section PRINCIPLES in EU-GDPR

12.1.80 Data Protection Authority

Term DataProtectionAuthority Prefix eu-gdpr
Label Data Protection Authority
IRI https://w3id.org/dpv/legal/eu/gdpr#DataProtectionAuthority
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:DataProtectionAuthoritydpv:Authoritydpv:GovernmentalOrganisationdpv:Organisationdpv:LegalEntitydpv:Entity
Object of relation dpv:hasAuthority, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:hasSubsidiary, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor, dpv:isSubsidiaryOf, eu-gdpr:hasConcernedSA, eu-gdpr:hasEstablishment, eu-gdpr:hasLeadSA, eu-gdpr:hasLocalSA, eu-gdpr:hasMainEstablishment, eu-gdpr:isMainEstablishmentFor
Definition A Supervisory Authority responsible for the enfocement of the GDPR
Source
Date Created 2024-06-22
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section ENTITIES in LEGAL-EU

12.1.81 Data Subject Breach Notice

Term DataSubjectBreachNotice Prefix eu-gdpr
Label Data Subject Breach Notice
IRI https://w3id.org/dpv/legal/eu/gdpr#DataSubjectBreachNotice
Type rdfs:Class, skos:Concept, eu-gdpr:DataBreachNotice
Broader/Parent types eu-gdpr:DataBreachNoticedpv:DataBreachNoticedpv:SecurityIncidentNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Notice regarding a data breach to the Data Subject
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.82 Data Subject Breach Notification Needed

Term DataSubjectBreachNotificationNeeded Prefix eu-gdpr
Label Data Subject Breach Notification Needed
IRI https://w3id.org/dpv/legal/eu/gdpr#DataSubjectBreachNotificationNeeded
Type rdfs:Class, skos:Concept, eu-gdpr:DataBreachNoticeRequirement
Broader/Parent types eu-gdpr:DataBreachNoticeRequirementdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Data Breach notification to the Data Subject is required
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.83 Data Transfer Tool

Term DataTransferTool Prefix eu-gdpr
Label Data Transfer Tool
IRI https://w3id.org/dpv/legal/eu/gdpr#DataTransferTool
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition A legal instrument or tool intended to assist or justify data transfers
Source EDPB Recommendations 01/2020 on Supplementary Measures and Transfer Tools, GDPR Art.46
Date Created 2021-09-22
Date Modified 2023-10-30
Contributors David Hickey, Harshvardhan J. Pandit
See More: section DATA-TRANSFERS in EU-GDPR

12.1.84 DBIA Indicates High Risk

Term DBIAIndicatesHighRisk Prefix eu-gdpr
Label DBIA Indicates High Risk
IRI https://w3id.org/dpv/legal/eu/gdpr#DBIAIndicatesHighRisk
Type rdfs:Class, skos:Concept, eu-gdpr:DBIARiskStatus
Broader/Parent types eu-gdpr:DBIARiskStatusdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition DBIA identifying high risk levels regarding rights and freedoms of natural persons
Source
Date Created 2024-05-19
Contributors Harshvardhan J. Pandit
See More: section DATA-BREACH in EU-GDPR

12.1.85 DBIA Indicates Low Risk

Term DBIAIndicatesLowRisk Prefix eu-gdpr
Label DBIA Indicates Low Risk
IRI https://w3id.org/dpv/legal/eu/gdpr#DBIAIndicatesLowRisk
Type rdfs:Class, skos:Concept, eu-gdpr:DBIARiskStatus
Broader/Parent types eu-gdpr:DBIARiskStatusdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition DBIA identifying low risk levels regarding rights and freedoms of natural persons
Source
Date Created 2024-05-19
Contributors Harshvardhan J. Pandit
See More: section DATA-BREACH in EU-GDPR

12.1.86 DBIA Indicates No Risk

Term DBIAIndicatesNoRisk Prefix eu-gdpr
Label DBIA Indicates No Risk
IRI https://w3id.org/dpv/legal/eu/gdpr#DBIAIndicatesNoRisk
Type rdfs:Class, skos:Concept, eu-gdpr:DBIARiskStatus
Broader/Parent types eu-gdpr:DBIARiskStatusdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition DBIA identifying no risk is present regarding rights and freedoms of natural persons
Source
Date Created 2024-05-19
Contributors Harshvardhan J. Pandit
See More: section DATA-BREACH in EU-GDPR

12.1.87 DBIA Risk Status

Term DBIARiskStatus Prefix eu-gdpr
Label DBIA Risk Status
IRI https://w3id.org/dpv/legal/eu/gdpr#DBIARiskStatus
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Status reflecting the status of risk associated with a DBIA regarding rights and freedoms of natural persons
Source
Date Created 2024-05-19
Contributors Harshvardhan J. Pandit
See More: section DATA-BREACH in EU-GDPR

12.1.88 Direct Data Collection Notice

Term DirectDataCollectionNotice Prefix eu-gdpr
Label Direct Data Collection Notice
IRI https://w3id.org/dpv/legal/eu/gdpr#DirectDataCollectionNotice
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:RightFulfilmentNoticedpv:RightExerciseNoticedpv:RightNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure, dpv:isExercisedAt
Definition A Notice provided in fulfilment of GDPR's Art.13 regarding information to be provided where personal data are collected from the data subject
Date Created 2022-11-09
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.89 DPA Breach Initial Notice

Term DPABreachInitialNotice Prefix eu-gdpr
Label DPA Breach Initial Notice
IRI https://w3id.org/dpv/legal/eu/gdpr#DPABreachInitialNotice
Type rdfs:Class, skos:Concept, eu-gdpr:DataBreachNotice
Broader/Parent types eu-gdpr:DPABreachNoticeeu-gdpr:DataBreachNoticedpv:DataBreachNoticedpv:SecurityIncidentNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Notice sent by a Controller within 72 hours of becoming aware of a personal data breach to the competent DPA, with justifications provided where the notice is made after 72 hours
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.90 DPA Breach Notice

Term DPABreachNotice Prefix eu-gdpr
Label DPA Breach Notice
IRI https://w3id.org/dpv/legal/eu/gdpr#DPABreachNotice
Type rdfs:Class, skos:Concept, eu-gdpr:DataBreachNotice
Broader/Parent types eu-gdpr:DataBreachNoticedpv:DataBreachNoticedpv:SecurityIncidentNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Notice regarding a data breach to the DPA
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.91 DPA Breach Notification Needed

Term DPABreachNotificationNeeded Prefix eu-gdpr
Label DPA Breach Notification Needed
IRI https://w3id.org/dpv/legal/eu/gdpr#DPABreachNotificationNeeded
Type rdfs:Class, skos:Concept, eu-gdpr:DataBreachNoticeRequirement
Broader/Parent types eu-gdpr:DataBreachNoticeRequirementdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Data Breach notification to the DPA is required
Source
Date Created 2024-05-19
Contributors Harshvardhan J. Pandit
See More: section DATA-BREACH in EU-GDPR

12.1.92 DPA Bundled Breach Notice

Term DPABundledBreachNotice Prefix eu-gdpr
Label DPA Bundled Breach Notice
IRI https://w3id.org/dpv/legal/eu/gdpr#DPABundledBreachNotice
Type rdfs:Class, skos:Concept, eu-gdpr:DataBreachNotice
Broader/Parent types eu-gdpr:DPABreachNoticeeu-gdpr:DataBreachNoticedpv:DataBreachNoticedpv:SecurityIncidentNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Notice sent by a Controller to the DPA regarding multiple data breaches concerning the same type of personal data
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.93 DPA Phased Breach Notice

Term DPAPhasedBreachNotice Prefix eu-gdpr
Label DPA Phased Breach Notice
IRI https://w3id.org/dpv/legal/eu/gdpr#DPAPhasedBreachNotice
Type rdfs:Class, skos:Concept, eu-gdpr:DataBreachNotice
Broader/Parent types eu-gdpr:DPABreachNoticeeu-gdpr:DataBreachNoticedpv:DataBreachNoticedpv:SecurityIncidentNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Notice sent to a DPA in phases i.e. by providing incremental information as it becomes available or is requested following previously submitted notifications
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.94 DPIA Conformant

Term DPIAConformant Prefix eu-gdpr
Label DPIA Conformant
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIAConformant
Type rdfs:Class, skos:Concept, eu-gdpr:DPIAConformity
Broader/Parent types eu-gdpr:DPIAConformitydpv:ConformanceStatusdpv:Statusdpv:Context
Object of relation dpv:hasConformanceStatus, dpv:hasContext, dpv:hasStatus
Definition Expressing the specified process is conformant with a DPIA
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section DPIA in EU-GDPR

12.1.95 DPIA Conformity

Term DPIAConformity Prefix eu-gdpr
Label DPIA Conformity
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIAConformity
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:ConformanceStatusdpv:Statusdpv:Context
Object of relation dpv:hasConformanceStatus, dpv:hasContext, dpv:hasStatus
Definition Conformity of a process with a DPIA
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section DPIA in EU-GDPR

12.1.96 DPIA Indicates High Risk

Term DPIAIndicatesHighRisk Prefix eu-gdpr
Label DPIA Indicates High Risk
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIAIndicatesHighRisk
Type rdfs:Class, skos:Concept, eu-gdpr:DPIARiskStatus
Broader/Parent types eu-gdpr:DPIARiskStatusdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition DPIA identifying high risk levels
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.97 DPIA Indicates Low Risk

Term DPIAIndicatesLowRisk Prefix eu-gdpr
Label DPIA Indicates Low Risk
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIAIndicatesLowRisk
Type rdfs:Class, skos:Concept, eu-gdpr:DPIARiskStatus
Broader/Parent types eu-gdpr:DPIARiskStatusdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition DPIA identifying low risk levels
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.98 DPIA Indicates No Risk

Term DPIAIndicatesNoRisk Prefix eu-gdpr
Label DPIA Indicates No Risk
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIAIndicatesNoRisk
Type rdfs:Class, skos:Concept, eu-gdpr:DPIARiskStatus
Broader/Parent types eu-gdpr:DPIARiskStatusdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition DPIA identifying no risk is present
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.99 DPIA Necessity Assessment

Term DPIANecessityAssessment Prefix eu-gdpr
Label DPIA Necessity Assessment
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIANecessityAssessment
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:DPIAdpv:RightsImpactAssessmentdpv:ImpactAssessmentdpv:RiskAssessmentdpv:Assessmentdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasAssessment, dpv:hasImpactAssessment, dpv:hasOrganisationalMeasure, dpv:hasRiskAssessment, dpv:hasTechnicalOrganisationalMeasure
Definition Process that determines whether a DPIA is necessary
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.100 DPIA Necessity Status

Term DPIANecessityStatus Prefix eu-gdpr
Label DPIA Necessity Status
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIANecessityStatus
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Status reflecting whether a DPIA is necessary
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.101 DPIA Non-Conformant

Term DPIANonConformant Prefix eu-gdpr
Label DPIA Non-Conformant
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIANonConformant
Type rdfs:Class, skos:Concept, eu-gdpr:DPIAConformity
Broader/Parent types eu-gdpr:DPIAConformitydpv:ConformanceStatusdpv:Statusdpv:Context
Object of relation dpv:hasConformanceStatus, dpv:hasContext, dpv:hasStatus
Definition Expressing the specified process is not conformant with a DPIA
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section DPIA in EU-GDPR

12.1.102 DPIA Not Required

Term DPIANotRequired Prefix eu-gdpr
Label DPIA Not Required
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIANotRequired
Type rdfs:Class, skos:Concept, eu-gdpr:DPIANecessityStatus
Broader/Parent types eu-gdpr:DPIANecessityStatusdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Condition where a DPIA is not required
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.103 DPIA Outcome

Term DPIAOutcome Prefix eu-gdpr
Label DPIA Outcome
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIAOutcome
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:DPIAdpv:RightsImpactAssessmentdpv:ImpactAssessmentdpv:RiskAssessmentdpv:Assessmentdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasAssessment, dpv:hasImpactAssessment, dpv:hasOrganisationalMeasure, dpv:hasRiskAssessment, dpv:hasTechnicalOrganisationalMeasure
Definition Process representing determining outcome of a DPIA
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.104 DPIA Outcome DPA Consultation

Term DPIAOutcomeDPAConsultation Prefix eu-gdpr
Label DPIA Outcome DPA Consultation
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIAOutcomeDPAConsultation
Type rdfs:Class, skos:Concept, eu-gdpr:DPIAOutcomeStatus
Broader/Parent types eu-gdpr:DPIAOutcomeStatusdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition DPIA outcome status indicating a DPA consultation is required
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.105 DPIA Outcome High Residual Risk

Term DPIAOutcomeHighResidualRisk Prefix eu-gdpr
Label DPIA Outcome High Residual Risk
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIAOutcomeHighResidualRisk
Type rdfs:Class, skos:Concept, eu-gdpr:DPIAOutcomeStatus
Broader/Parent types eu-gdpr:DPIAOutcomeStatusdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition DPIA outcome status indicating high residual risk which are not acceptable for continuation
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.106 DPIA Outcome Risks Acceptable

Term DPIAOutcomeRisksAcceptable Prefix eu-gdpr
Label DPIA Outcome Risks Acceptable
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIAOutcomeRisksAcceptable
Type rdfs:Class, skos:Concept, eu-gdpr:DPIAOutcomeStatus
Broader/Parent types eu-gdpr:DPIAOutcomeStatusdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition DPIA outcome status indicating residual risks remain and are acceptable for continuation
Date Created 2024-05-19
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.107 DPIA Outcome Risks Mitigated

Term DPIAOutcomeRisksMitigated Prefix eu-gdpr
Label DPIA Outcome Risks Mitigated
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIAOutcomeRisksMitigated
Type rdfs:Class, skos:Concept, eu-gdpr:DPIAOutcomeStatus
Broader/Parent types eu-gdpr:DPIAOutcomeStatusdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition DPIA outcome status indicating (all) risks have been mitigated
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.108 DPIA Outcome Status

Term DPIAOutcomeStatus Prefix eu-gdpr
Label DPIA Outcome Status
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIAOutcomeStatus
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Status reflecting the outcomes of a DPIA
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.109 DPIA Procedure

Term DPIAProcedure Prefix eu-gdpr
Label DPIA Procedure
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIAProcedure
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:DPIAdpv:RightsImpactAssessmentdpv:ImpactAssessmentdpv:RiskAssessmentdpv:Assessmentdpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasAssessment, dpv:hasImpactAssessment, dpv:hasOrganisationalMeasure, dpv:hasRiskAssessment, dpv:hasTechnicalOrganisationalMeasure
Definition Process representing carrying out a DPIA
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.110 DPIA Processing Recommendation

Term DPIAProcessingRecommendation Prefix eu-gdpr
Label DPIA Processing Recommendation
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIAProcessingRecommendation
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Recommendation from the DPIA regarding processing
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section DPIA in EU-GDPR

12.1.111 DPIA Recommends Processing Continue

Term DPIARecommendsProcessingContinue Prefix eu-gdpr
Label DPIA Recommends Processing Continue
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIARecommendsProcessingContinue
Type rdfs:Class, skos:Concept, eu-gdpr:DPIAProcessingRecommendation
Broader/Parent types eu-gdpr:DPIAProcessingRecommendationdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Recommendation from a DPIA that the processing may continue
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section DPIA in EU-GDPR

12.1.112 DPIA Recommends Processing Not Continue

Term DPIARecommendsProcessingNotContinue Prefix eu-gdpr
Label DPIA Recommends Processing Not Continue
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIARecommendsProcessingNotContinue
Type rdfs:Class, skos:Concept, eu-gdpr:DPIAProcessingRecommendation
Broader/Parent types eu-gdpr:DPIAProcessingRecommendationdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Recommendation from a DPIA that the processing should not continue
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section DPIA in EU-GDPR

12.1.113 DPIA Required

Term DPIARequired Prefix eu-gdpr
Label DPIA Required
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIARequired
Type rdfs:Class, skos:Concept, eu-gdpr:DPIANecessityStatus
Broader/Parent types eu-gdpr:DPIANecessityStatusdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Condition where a DPIA is required
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.114 DPIA Risk Status

Term DPIARiskStatus Prefix eu-gdpr
Label DPIA Risk Status
IRI https://w3id.org/dpv/legal/eu/gdpr#DPIARiskStatus
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Status reflecting the status of risk associated with a DPIA
Date Created 2022-06-22
Contributors Harshvardhan J. Pandit
See More: section DPIA in EU-GDPR

12.1.115 Establishment

Term Establishment Prefix eu-gdpr
Label Establishment
IRI https://w3id.org/dpv/legal/eu/gdpr#Establishment
Type rdfs:Class, skos:Concept
Broader/Parent types dpv:Organisationdpv:LegalEntitydpv:Entity
Object of relation dpv:hasEntity, dpv:hasResponsibleEntity, dpv:hasSubsidiary, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor, dpv:isSubsidiaryOf, eu-gdpr:hasEstablishment, eu-gdpr:hasMainEstablishment, eu-gdpr:isMainEstablishmentFor
Definition Establishment is a Legal Entity which implies the effective and real exercise of activities through stable arrangements (with a presumed parent or primary establishment)
Source
Date Created 2024-02-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section ENTITIES in EU-GDPR

12.1.116 Fairness Principle

Term FairnessPrinciple Prefix eu-gdpr
Label Fairness Principle
IRI https://w3id.org/dpv/legal/eu/gdpr#FairnessPrinciple
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Principledpv:GuidelinesPrincipledpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Principle stating personal data must be processed processed fairly in relation to the data subject
Source
Date Created 2024-05-12
Contributors Georg P. Krog
See More: section PRINCIPLES in EU-GDPR

12.1.117 GDPR Compliance Unknown

Term GDPRComplianceUnknown Prefix eu-gdpr
Label GDPR Compliance Unknown
IRI https://w3id.org/dpv/legal/eu/gdpr#GDPRComplianceUnknown
Type rdfs:Class, skos:Concept, dpv:Lawfulness
Broader/Parent types eu-gdpr:GDPRLawfulnessdpv:Lawfulnessdpv:ComplianceStatusdpv:Statusdpv:Context
Object of relation dpv:hasComplianceStatus, dpv:hasContext, dpv:hasLawfulness, dpv:hasStatus
Definition State where lawfulness or compliance with GDPR is unknown
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit
See More: section COMPLIANCE in EU-GDPR

12.1.118 GDPR Compliant

Term GDPRCompliant Prefix eu-gdpr
Label GDPR Compliant
IRI https://w3id.org/dpv/legal/eu/gdpr#GDPRCompliant
Type rdfs:Class, skos:Concept, dpv:Lawfulness
Broader/Parent types eu-gdpr:GDPRLawfulnessdpv:Lawfulnessdpv:ComplianceStatusdpv:Statusdpv:Context
Object of relation dpv:hasComplianceStatus, dpv:hasContext, dpv:hasLawfulness, dpv:hasStatus
Definition State of being lawful or legally compliant for GDPR
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit
See More: section COMPLIANCE in EU-GDPR

12.1.119 GDPR Lawfulness

Term GDPRLawfulness Prefix eu-gdpr
Label GDPR Lawfulness
IRI https://w3id.org/dpv/legal/eu/gdpr#GDPRLawfulness
Type rdfs:Class, skos:Concept, dpv:Lawfulness
Broader/Parent types dpv:Lawfulnessdpv:ComplianceStatusdpv:Statusdpv:Context
Object of relation dpv:hasComplianceStatus, dpv:hasContext, dpv:hasLawfulness, dpv:hasStatus
Definition Status or state associated with being lawful or legally compliant regarding GDPR
Examples dex:E0055 :: Specifying compliance status and lawfulness
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit
See More: section COMPLIANCE in DEX

12.1.120 GDPR Non-compliant

Term GDPRNonCompliant Prefix eu-gdpr
Label GDPR Non-compliant
IRI https://w3id.org/dpv/legal/eu/gdpr#GDPRNonCompliant
Type rdfs:Class, skos:Concept, dpv:Lawfulness
Broader/Parent types eu-gdpr:GDPRLawfulnessdpv:Lawfulnessdpv:ComplianceStatusdpv:Statusdpv:Context
Object of relation dpv:hasComplianceStatus, dpv:hasContext, dpv:hasLawfulness, dpv:hasStatus
Definition State of being unlawful or legally non-compliant for GDPR
Date Created 2022-10-22
Contributors Harshvardhan J. Pandit
See More: section COMPLIANCE in EU-GDPR

12.1.121 Indirect Data Collection Notice

Term IndirectDataCollectionNotice Prefix eu-gdpr
Label Indirect Data Collection Notice
IRI https://w3id.org/dpv/legal/eu/gdpr#IndirectDataCollectionNotice
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:RightFulfilmentNoticedpv:RightExerciseNoticedpv:RightNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure, dpv:isExercisedAt
Definition A Notice provided in fulfilment of GDPR's Art.14 regarding information to be provided where personal data are not collected from the data subject
Date Created 2022-11-09
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.122 Integrity Breach

Term IntegrityBreach Prefix eu-gdpr
Label Integrity Breach
IRI https://w3id.org/dpv/legal/eu/gdpr#IntegrityBreach
Type rdfs:Class, skos:Concept
Broader/Parent types eu-gdpr:DataBreachrisk:Incident
Object of relation risk:hasIncident
Definition A data breach where there is an unauthorised or accidental alteration of personal data
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.123 Integrity Confidentiality Principle

Term IntegrityConfidentialityPrinciple Prefix eu-gdpr
Label Integrity Confidentiality Principle
IRI https://w3id.org/dpv/legal/eu/gdpr#IntegrityConfidentialityPrinciple
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Principledpv:GuidelinesPrincipledpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Principle stating personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
Source
Date Created 2024-05-12
Contributors Georg P. Krog
See More: section PRINCIPLES in EU-GDPR

12.1.124 Lawfulness Principle

Term LawfulnessPrinciple Prefix eu-gdpr
Label Lawfulness Principle
IRI https://w3id.org/dpv/legal/eu/gdpr#LawfulnessPrinciple
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Principledpv:GuidelinesPrincipledpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Principle stating personal data must be processed processed in a lawful manner in relation to the data subject
Source
Date Created 2024-05-12
Contributors Georg P. Krog
See More: section PRINCIPLES in EU-GDPR

12.1.125 Lead Supervisory Authority

Term LeadSupervisoryAuthority Prefix eu-gdpr
Label Lead Supervisory Authority
IRI https://w3id.org/dpv/legal/eu/gdpr#LeadSupervisoryAuthority
Type rdfs:Class, skos:Concept
Broader/Parent types eu-gdpr:DataProtectionAuthoritydpv:DataProtectionAuthoritydpv:Authoritydpv:GovernmentalOrganisationdpv:Organisationdpv:LegalEntitydpv:Entity
Object of relation dpv:hasAuthority, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:hasSubsidiary, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor, dpv:isSubsidiaryOf, eu-gdpr:hasConcernedSA, eu-gdpr:hasEstablishment, eu-gdpr:hasLeadSA, eu-gdpr:hasLocalSA, eu-gdpr:hasMainEstablishment, eu-gdpr:isMainEstablishmentFor
Definition Authority with the primary responsibility for dealing with a cross-border data processing activity
Source
Date Created 2024-02-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section ENTITIES in EU-GDPR

12.1.126 Local Supervisory Authority

Term LocalSupervisoryAuthority Prefix eu-gdpr
Label Local Supervisory Authority
IRI https://w3id.org/dpv/legal/eu/gdpr#LocalSupervisoryAuthority
Type rdfs:Class, skos:Concept
Broader/Parent types eu-gdpr:DataProtectionAuthoritydpv:DataProtectionAuthoritydpv:Authoritydpv:GovernmentalOrganisationdpv:Organisationdpv:LegalEntitydpv:Entity
Object of relation dpv:hasAuthority, dpv:hasEntity, dpv:hasResponsibleEntity, dpv:hasSubsidiary, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor, dpv:isSubsidiaryOf, eu-gdpr:hasConcernedSA, eu-gdpr:hasEstablishment, eu-gdpr:hasLeadSA, eu-gdpr:hasLocalSA, eu-gdpr:hasMainEstablishment, eu-gdpr:isMainEstablishmentFor
Definition Authority associated with the main or local establishment of an organisation
Source
Date Created 2024-02-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section ENTITIES in EU-GDPR

12.1.127 Main Establishment

Term MainEstablishment Prefix eu-gdpr
Label Main Establishment
IRI https://w3id.org/dpv/legal/eu/gdpr#MainEstablishment
Type rdfs:Class, skos:Concept
Broader/Parent types eu-gdpr:Establishmentdpv:Organisationdpv:LegalEntitydpv:Entity
Object of relation dpv:hasEntity, dpv:hasResponsibleEntity, dpv:hasSubsidiary, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor, dpv:isSubsidiaryOf, eu-gdpr:hasEstablishment, eu-gdpr:hasMainEstablishment, eu-gdpr:isMainEstablishmentFor
Definition A Main Establishment is the place of central administration in the Union unless the decisions on the purposes and means of the processing of personal data are taken in another establishment in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment
Source
Date Created 2024-02-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section ENTITIES in EU-GDPR

12.1.128 Processor Breach Notice

Term ProcessorBreachNotice Prefix eu-gdpr
Label Processor Breach Notice
IRI https://w3id.org/dpv/legal/eu/gdpr#ProcessorBreachNotice
Type rdfs:Class, skos:Concept, eu-gdpr:DataBreachNotice
Broader/Parent types eu-gdpr:DataBreachNoticedpv:DataBreachNoticedpv:SecurityIncidentNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Notice regarding a data breach to the Processor
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.129 Processor Breach Notification Needed

Term ProcessorBreachNotificationNeeded Prefix eu-gdpr
Label Processor Breach Notification Needed
IRI https://w3id.org/dpv/legal/eu/gdpr#ProcessorBreachNotificationNeeded
Type rdfs:Class, skos:Concept, eu-gdpr:DataBreachNoticeRequirement
Broader/Parent types eu-gdpr:DataBreachNoticeRequirementdpv:AuditStatusdpv:Statusdpv:Context
Object of relation dpv:hasAuditStatus, dpv:hasContext, dpv:hasStatus
Definition Data Breach notification to the Processor is required
Source
Date Created 2024-05-19
See More: section DATA-BREACH in EU-GDPR

12.1.130 Purpose Limitation Principle

Term PurposeLimitationPrinciple Prefix eu-gdpr
Label Purpose Limitation Principle
IRI https://w3id.org/dpv/legal/eu/gdpr#PurposeLimitationPrinciple
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Principledpv:GuidelinesPrincipledpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Principle stating personal data collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes
Source
Date Created 2024-05-12
Contributors Georg P. Krog
See More: section PRINCIPLES in EU-GDPR

12.1.131 Rights Recipients Notice

Term RightsRecipientsNotice Prefix eu-gdpr
Label Rights Recipients Notice
IRI https://w3id.org/dpv/legal/eu/gdpr#RightsRecipientsNotice
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:RightFulfilmentNoticedpv:RightExerciseNoticedpv:RightNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure, dpv:isExercisedAt
Definition A Notice provided in fulfilment of GDPR's Art.19 regarding Recipients to whom a rights exercise has been communicated, such as regarding rectification (A.16) or erasure of personal data (A.17) or restriction of processing (A.18)
Date Created 2022-11-09
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.132 SAR Notice

Term SARNotice Prefix eu-gdpr
Label SAR Notice
IRI https://w3id.org/dpv/legal/eu/gdpr#SARNotice
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:RightFulfilmentNoticedpv:RightExerciseNoticedpv:RightNoticedpv:Noticedpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasNotice, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure, dpv:isExercisedAt
Definition A Notice provided in fulfilment of GDPR's Art.15 regarding information to be provided for Right of Access or Subject Access Request (SAR)
Date Created 2022-11-09
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in EU-GDPR

12.1.133 SCCs adopted by Commission

Term SCCByCommission Prefix eu-gdpr
Label SCCs adopted by Commission
IRI https://w3id.org/dpv/legal/eu/gdpr#SCCByCommission
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types eu-gdpr:StandardContractualClausesdpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types eu-gdpr:StandardContractualClauseseu-gdpr:DataTransferTooldpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalMeasure, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Standard contractual clauses adopted by the Commission in accordance with the examination procedure referred to in GDPR Article 93(2)
Source GDPR Art.46-2c
Date Created 2021-09-22
Contributors David Hickey, Paul Ryan, Georg P. Krog, Harshvardhan J. Pandit
See More: section DATA-TRANSFERS in EU-GDPR

12.1.134 SCCs adopted by Supervisory Authority

Term SCCBySupervisoryAuthority Prefix eu-gdpr
Label SCCs adopted by Supervisory Authority
IRI https://w3id.org/dpv/legal/eu/gdpr#SCCBySupervisoryAuthority
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types eu-gdpr:StandardContractualClausesdpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types eu-gdpr:StandardContractualClauseseu-gdpr:DataTransferTooldpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalMeasure, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in GDPR Article 93(2)
Source GDPR Art.46-2d
Date Created 2021-09-22
Contributors David Hickey, Paul Ryan, Georg P. Krog, Harshvardhan J. Pandit
See More: section DATA-TRANSFERS in EU-GDPR

12.1.135 Single Establishment

Term SingleEstablishment Prefix eu-gdpr
Label Single Establishment
IRI https://w3id.org/dpv/legal/eu/gdpr#SingleEstablishment
Type rdfs:Class, skos:Concept
Broader/Parent types eu-gdpr:Establishmentdpv:Organisationdpv:LegalEntitydpv:Entity
Object of relation dpv:hasEntity, dpv:hasResponsibleEntity, dpv:hasSubsidiary, dpv:isDeterminedByEntity, dpv:isImplementedByEntity, dpv:isIndicatedBy, dpv:isOrganistionalUnitOf, dpv:isRepresentativeFor, dpv:isSubsidiaryOf, eu-gdpr:hasEstablishment, eu-gdpr:hasMainEstablishment, eu-gdpr:isMainEstablishmentFor
Definition A legal entity that is established in only one Member State
Source
Date Created 2024-02-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section ENTITIES in EU-GDPR

12.1.136 Standard Contractual Clauses (SCC)

Term StandardContractualClauses Prefix eu-gdpr
Label Standard Contractual Clauses (SCC)
IRI https://w3id.org/dpv/legal/eu/gdpr#StandardContractualClauses
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Contractdpv:LegalAgreementdpv:LegalMeasuredpv:TechnicalOrganisationalMeasure
Broader/Parent types eu-gdpr:DataTransferTooldpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasLegalMeasure, dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Standard Contractual Clauses (SCCs) are pre-approved clauses by the EU for ensuring appropriate data protection safeguards intended for data transfers from the EU to third countries
Source Implementing Decision on SCC for Data Transfers
Date Created 2021-09-22
Contributors David Hickey, Paul Ryan, Georg P. Krog, Harshvardhan J. Pandit
See More: section DATA-TRANSFERS in EU-GDPR

12.1.137 Storage Limitation Principle

Term StorageLimitationPrinciple Prefix eu-gdpr
Label Storage Limitation Principle
IRI https://w3id.org/dpv/legal/eu/gdpr#StorageLimitationPrinciple
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Principledpv:GuidelinesPrincipledpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Principle stating personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject
Source
Date Created 2024-05-12
Contributors Georg P. Krog
See More: section PRINCIPLES in EU-GDPR

12.1.138 Supplementary Measure

Term SupplementaryMeasure Prefix eu-gdpr
Label Supplementary Measure
IRI https://w3id.org/dpv/legal/eu/gdpr#SupplementaryMeasure
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types eu-gdpr:DataTransferTooldpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Supplementary measures are intended to additionally provide safeguards or guarantees to bring the resulting protection in line with EU requirements
Source EDPB Recommendations 01/2020 on Supplementary Measures and Transfer Tools
Date Created 2021-09-22
Contributors David Hickey, Georg P. Krog, Harshvardhan J. Pandit
See More: section DATA-TRANSFERS in EU-GDPR

12.1.139 Transparency Principle

Term TransparencyPrinciple Prefix eu-gdpr
Label Transparency Principle
IRI https://w3id.org/dpv/legal/eu/gdpr#TransparencyPrinciple
Type rdfs:Class, skos:Concept, dpv:OrganisationalMeasure
Broader/Parent types dpv:Principledpv:GuidelinesPrincipledpv:OrganisationalMeasuredpv:TechnicalOrganisationalMeasure
Object of relation dpv:hasOrganisationalMeasure, dpv:hasTechnicalOrganisationalMeasure
Definition Principle stating personal data must be processed processed in a transparent manner in relation to the data subject
Source
Date Created 2024-05-12
Contributors Georg P. Krog
See More: section PRINCIPLES in EU-GDPR

12.2 Properties

12.2.1 has concerned supervisory authority

Term hasConcernedSA Prefix eu-gdpr
Label has concerned supervisory authority
IRI https://w3id.org/dpv/legal/eu/gdpr#hasConcernedSA
Type rdf:Property, skos:Concept
Broader/Parent types dpv:hasEntity
Sub-property of dpv:hasEntity
Range includes dpv:DataProtectionAuthority
Definition Indicates a concerned supervisory authority
Source
Date Created 2024-02-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section ENTITIES in EU-GDPR

12.2.2 has establishment

Term hasEstablishment Prefix eu-gdpr
Label has establishment
IRI https://w3id.org/dpv/legal/eu/gdpr#hasEstablishment
Type rdf:Property, skos:Concept
Broader/Parent types dpv:hasEntity
Sub-property of dpv:hasEntity
Domain includes dpv:LegalEntity
Range includes dpv:LegalEntity
Definition Indicates an establishment associated with a legal entity
Source
Date Created 2024-02-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section ENTITIES in EU-GDPR

12.2.3 has lead supervisory authority

Term hasLeadSA Prefix eu-gdpr
Label has lead supervisory authority
IRI https://w3id.org/dpv/legal/eu/gdpr#hasLeadSA
Type rdf:Property, skos:Concept
Broader/Parent types dpv:hasEntity
Sub-property of dpv:hasEntity
Range includes dpv:DataProtectionAuthority
Definition Indicates the lead supervisory authority
Source
Date Created 2024-02-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section ENTITIES in EU-GDPR

12.2.4 has local supervisory authority

Term hasLocalSA Prefix eu-gdpr
Label has local supervisory authority
IRI https://w3id.org/dpv/legal/eu/gdpr#hasLocalSA
Type rdf:Property, skos:Concept
Broader/Parent types dpv:hasEntity
Sub-property of dpv:hasEntity
Range includes dpv:DataProtectionAuthority
Definition Indicates the local supervisory authority
Source
Date Created 2024-02-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section ENTITIES in EU-GDPR

12.2.5 has main establishment

Term hasMainEstablishment Prefix eu-gdpr
Label has main establishment
IRI https://w3id.org/dpv/legal/eu/gdpr#hasMainEstablishment
Type rdf:Property, skos:Concept
Broader/Parent types dpv:hasEntity
Sub-property of dpv:hasEntity
Domain includes dpv:LegalEntity
Range includes dpv:LegalEntity
Definition Indicates the legal entity has specified establishment as its main establishment
Source
Date Created 2024-02-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section ENTITIES in EU-GDPR

12.2.6 is main establishment for

Term isMainEstablishmentFor Prefix eu-gdpr
Label is main establishment for
IRI https://w3id.org/dpv/legal/eu/gdpr#isMainEstablishmentFor
Type rdf:Property, skos:Concept
Broader/Parent types dpv:hasEntity
Sub-property of dpv:hasEntity
Domain includes dpv:LegalEntity
Range includes dpv:LegalEntity
Definition Indicates the main establishment for specific legal entity
Source
Date Created 2024-02-14
Contributors Harshvardhan J. Pandit, Georg P. Krog
See More: section ENTITIES in EU-GDPR

12.3 External

DPV uses the following terms from [RDF] and [RDFS] with their defined meanings:

The following external concepts are re-used within DPV:

12.3.1 dcat:Resource

Term dcat:Resource Prefix dcat
Label dcat:Resource
IRI http://www.w3.org/ns/dcat#Resource
Type rdfs:Class, skos:Concept
Usage Note A dataset or catalogue or any other resource provided in fulfilment of a Right Exercise, such as for GDPR's Art.15 regarding Right of Access or Art.20 regarding Right to Data Portability. The associated properties from DCAT and DCMI DCT vocabularies provide convenient means to express metadata such as URL for accessing the data, its temporal validity and access restrictions, and specific datasets present along with their schemas.
Usage Note A dataset, data service, or any other resource associated with Right Exercise - such as for providing a copy of data
Date Created 2022-11-02
Contributors Beatriz Esteves, Georg P. Krog, Harshvardhan J. Pandit
See More: section RIGHTS in DPV

12.3.2 dct:conformsTo

Term dct:conformsTo Prefix dct
Label dct:conformsTo
IRI http://purl.org/dc/terms/conformsTo
Type rdf:Property, skos:Concept
Usage Note For expressing an existing standard, guideline, or requirements to which the DPIA document or process will be conforming to. This could be external guidelines published by an Authority, or internal guidelines established by the organisation
See More: section DPIA in EU-GDPR

12.3.3 dct:coverage

Term dct:coverage Prefix dct
Label dct:coverage
IRI http://purl.org/dc/terms/coverage
Type rdf:Property, skos:Concept
Usage Note For expressing coverage (e.g. jurisdictions, products, services) of the DPIA document or process. For temporal coverage, please see dct:temporal. The coverage can be expressed using dpv:Process, or using another concept, or even be a link or reference to a document, or a textual description
See More:

12.3.4 dct:created

Term dct:created Prefix dct
Label dct:created
IRI http://purl.org/dc/terms/created
Type rdf:Property, skos:Concept
Usage Note For expressing when the documentation (e.g. DPIA Necessity Assessment, or DPIA Procedure, or DPIA outcome) was created
See More:

12.3.5 dct:dateAccepted

Term dct:dateAccepted Prefix dct
Label dct:dateAccepted
IRI http://purl.org/dc/terms/dateAccepted
Type rdf:Property, skos:Concept
Usage Note For expressing when the documentation (e.g. DPIA Necessity Assessment, or DPIA Procedure, or DPIA outcome) was accepted through audit or approval
See More: section DPIA in EU-GDPR

12.3.6 dct:dateSubmitted

Term dct:dateSubmitted Prefix dct
Label dct:dateSubmitted
IRI http://purl.org/dc/terms/dateSubmitted
Type rdf:Property, skos:Concept
Usage Note For expressing when the documentation (e.g. DPIA Necessity Assessment, or DPIA Procedure, or DPIA outcome) was submitted for audit or approval
See More: section DPIA in EU-GDPR

12.3.7 dct:description

Term dct:description Prefix dct
Label dct:description
IRI http://purl.org/dc/terms/description
Type rdf:Property, skos:Concept
Usage Note Indicates a description of the DPIA for human comprehension
See More: section DPIA in EU-GDPR

12.3.8 dct:hasPart

Term dct:hasPart Prefix dct
Label dct:hasPart
IRI http://purl.org/dc/terms/hasPart
Type rdf:Property, skos:Concept
Domain includes dpv:RightExerciseRecord
Range includes dpv:RightExerciseActivity
Usage Note Also used for specifying a RightExerciseRecord has RightExerciseActivity as part of its records
Usage Note For expressing something contains a DPIA document or process contains as a part. For example, as some dpv:DPIA dct:hasPart DPIANecessityAssessment
See More: section RIGHTS in DPV

12.3.9 dct:identifier

Term dct:identifier Prefix dct
Label dct:identifier
IRI http://purl.org/dc/terms/identifier
Type rdf:Property, skos:Concept
Usage Note Indicates an identifier associated with the DPIA documentation or process. Identifiers may be reused from existing systems, or created for the purposes of record management
See More: section DPIA in EU-GDPR

12.3.10 dct:isPartOf

Term dct:isPartOf Prefix dct
Label dct:isPartOf
IRI http://purl.org/dc/terms/isPartOf
Type rdf:Property, skos:Concept
Domain includes dpv:RightExerciseActivity
Range includes dpv:RightExerciseRecord
Usage Note Also used for specifying a RightExerciseActivity is part of a RightExerciseRecord
Usage Note For expressing a DPIA document or process is part of another. For example, as some DPIANecessityAssessment dct:isPartOf some dpv:DPIA
See More: section RIGHTS in DPV

12.3.11 dct:isVersionOf

Term dct:isVersionOf Prefix dct
Label dct:isVersionOf
IRI http://purl.org/dc/terms/isVersionOf
Type rdf:Property, skos:Concept
Usage Note For expressing prior versions or iterations of the DPIA document or process
See More: section DPIA in EU-GDPR

12.3.12 dct:modified

Term dct:modified Prefix dct
Label dct:modified
IRI http://purl.org/dc/terms/modified
Type rdf:Property, skos:Concept
Usage Note For expressing when the documentation (e.g. DPIA Necessity Assessment, or DPIA Procedure, or DPIA outcome) was last modified
See More:

12.3.13 dct:subject

Term dct:subject Prefix dct
Label dct:subject
IRI http://purl.org/dc/terms/subject
Type rdf:Property, skos:Concept
Usage Note For expressing the subject of the DPIA document or process, where subject refers to the point of focus. For expressing what is affected or included within the DPIA, please see dct:coverage
See More:

12.3.14 dct:temporal

Term dct:temporal Prefix dct
Label dct:temporal
IRI http://purl.org/dc/terms/temporal
Type rdf:Property, skos:Concept
Usage Note For expressing the temporal coverage of the DPIA document or process
See More:

12.3.15 dct:title

Term dct:title Prefix dct
Label dct:title
IRI http://purl.org/dc/terms/title
Type rdf:Property, skos:Concept
Usage Note Indicates a title of the DPIA for human comprehension
See More:

12.3.16 dct:valid

Term dct:valid Prefix dct
Label dct:valid
IRI http://purl.org/dc/terms/valid
Type rdf:Property, skos:Concept
Usage Note Also used for specifying the temporal validity of an activity associated with Right Exercise. For example, limits on duration for providing or accessing provided information
Usage Note For expressing the temporal date or range of validity of the DPIA document or process. This refers to the time period for which the DPIA is considered valid, and does not refer to the temporal period associated with processing (see dct:temporal instead). The assumption is that after this period, the DPIA should be re-evaluated or some process should be triggered
See More: section RIGHTS in DPV

12.3.17 has status

Term dpv:hasStatus Prefix dpv
Label has status
IRI https://w3id.org/dpv#hasStatus
Type rdf:Property, skos:Concept
Domain includes dpv:RightExerciseActivity
Range includes dpv:Status
Definition Indicates the status of specified concept
Usage Note Also used to Indicate the status of a Right Exercise Activity
Usage Note For expressing the status of the DPIA document or process. Here different statuses are used to convey different contextual meanings. For example, dpv:ActivityStatus expresses the state of the activity in terms of whether it is ongoing or completed, and dpv:AuditStatus expresses the state of the audit process in terms of being required, approved, or rejected. These are applied over each step of the DPIA i.e. DPIANecessityAssessment, DPIAProcedure, and DPIAOutcome. Similarly, a process also uses hasStatus with DPIAConformity to indicate adherence to the results of the DPIA process.
Examples dex:E0069 :: Using DPV and RISK extension to represent incidents
Date Created 2022-05-18
Contributors Harshvardhan J. Pandit
See More: section CONTEXT-STATUS in DEX , section RIGHTS in DEX

13. Contributors

The following people have contributed to this vocabulary. The names are ordered alphabetically. The affiliations are informative do not represent formal endorsements. Affiliations may be outdated. The list is generated automatically from the contributors listed for defined concepts.

Funding Acknowledgements

Funding Sponsors

The DPVCG was established as part of the SPECIAL H2020 Project, which received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 731601 from 2017 to 2019.

Harshvardhan J. Pandit was funded to work on DPV from 2020 to 2022 by the Irish Research Council's Government of Ireland Postdoctoral Fellowship Grant#GOIPD/2020/790.

The ADAPT SFI Centre for Digital Media Technology is funded by Science Foundation Ireland through the SFI Research Centres Programme and is co-funded under the European Regional Development Fund (ERDF) through Grant#13/RC/2106 (2018 to 2020) and Grant#13/RC/2106_P2 (2021 onwards).

Funding Acknowledgements for Contributors

The contributions of Axel Polleres, Javier Fernandez, Piero Bonatti, and Luigi Sauro to the DPVCG have been funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement N. 731601 (project SPECIAL) until 2019, and that for Piero Bonatti and Luigi Sauro were under grant agreement N. 883464 (project TRAPEZE) from 2020 until 2023.

The contributions of Beatriz Esteves have received funding through the PROTECT ITN Project from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 813497.

The contributions of Harshvardhan J. Pandit have been made with the financial support of Science Foundation Ireland under Grant Agreement No. 13/RC/2106_P2 at the ADAPT SFI Research Centre.

A. References

A.1 Informative references

[AI]
AI Technology concepts for DPV. URL: https://w3id.org/dpv/ai
[DCT]
DCMI Metadata Terms (DCT). URL: https://www.dublincore.org/specifications/dublin-core/dcmi-terms/
[DPV]
Data Privacy Vocabulary (DPV) Specification. URL: https://w3id.org/dpv
[DPVCG]
W3C Data Privacy Vocabularies and Controls Community Group (DPVCG). URL: https://www.w3.org/community/dpvcg/
[EU-GDPR]
EU GDPR concepts for DPV. URL: https://w3id.org/dpv/legal/eu/gdpr
[GDPR]
General Data Protection Regulation (GDPR). URL: https://eur-lex.europa.eu/eli/reg/2016/679/oj
[GUIDE-GDPR-DataBreach]
Guide for GDPR Data Breach records, notifications, and assessments using DPV. URL: https://w3id.org/dpv/guides/gdpr-data-breach
[GUIDE-GDPR-DPIA]
Guide for GDPR DPIA's using DPV. URL: https://w3id.org/dpv/guides/gdpr-dpia
[GUIDE-Rights]
Guide for Rights Exercise and Management using DPV. URL: https://w3id.org/dpv/guides/rights
[GUIDES]
Guides for DPV. URL: https://w3id.org/dpv/guides
Legal Jurisdiction-relevant concepts for DPV. URL: https://w3id.org/dpv/legal
[LOC]
Location and Geo-Political Membership concepts for DPV. URL: https://w3id.org/dpv/loc
[PD]
Personal Data categories for DPV. URL: https://w3id.org/dpv/pd
[PRIMER]
Primer for Data Privacy Vocabulary. URL: https://w3id.org/dpv/primer
[RDF]
RDF 1.1 Concepts and Abstract Syntax. URL: https://www.w3.org/TR/rdf11-concepts/
[RDFS]
RDF Schema 1.1. URL: https://www.w3.org/TR/rdf-schema/
[RISK]
Risk Assessment and Management concepts for DPV. URL: https://w3id.org/dpv/risk
[TECH]
Technology concepts for DPV. URL: https://w3id.org/dpv/tech