DPVO-GDPR extends the [[[DPV-OWL]]] to provide taxonomies of concepts such as legal bases, rights, and data transfer tools as defined within the [[[GDPR]]].

The canonical URL for DPVO-GDPR is https://w3id.org/dpv-owl/dpv-gdpr which contains (this) specification. The namespace for DPV terms is https://w3id.org/dpv/dpv-owl/dpv-gdpr#, the suggested prefix is dpvo-gdpr, and this document along with source and releases are available at https://github.com/w3c/dpv.

DPV Family of Documents

Related Links

This document is published by the Data Privacy Vocabularies and Controls Community Group (DPVCG) as a deliverable and report of its work in creating and maintaining the Data Privacy Vocabulary (DPV).

Contributing to the DPV and its extensions The DPVCG welcomes participation regarding the DPV, including expansion or refinement of its terms, addressing open issues, and welcomes suggestions on their resolution or mitigation. For further information, please see the contribution section.

Introduction

The Data Privacy Vocabulary (DPV) provides terms to annotate and categorise instances of legally compliant personal data handling. In particular, the vocabulary provides LegalBasis and DataSubjectRight as top-level concepts representing the various legal bases for justifying processing of personal data and rights provided to the data subject respectively. Since these concepts are specifically defined within the scope of jurisdictional laws, their implementation is provided as a separate vocabulary that extends the DPV, thereby permitting continued usage of DPV as a jurisdiction-agnostic and generic vocabulary.

The DPV-GDPR vocabulary extends the concepts within DPV-OWL, i.e. by using OWL2 to model the ontology. It provides concepts regarding legal bases, data subject rights, data transfer tools, data protection impact assessment (DPIA), and compliance, and provides a compatible extension to be used in combination with the DPV to represent GDPR-specific information.

Rights under GDPR

GDPR provides several rights to the data subject, whose applicability depends on the context and nature of processing taking place. DPV lists these rights at an abstract level as concepts along with their origin in specific clauses of the GDPR.

In addition to DPV's concepts regarding exercise of rights, DPV-GDPR provides additional concepts specific to the implementation of its rights. For example, [=SARNotice=] refers to the information provided in fulfilment of [=A15=] Right of Access, or using dcat:Resource to represent the dataset provided in fulfilment of [=A20=] Right to Data Portability.

Classes

dcat:Resource | A13 Right to be Informed | A14 Right to be Informed | A15 Right of Access | A16 Right to Rectification | A17 Right to Erasure | A18 Right to Restrict Processing | A19 Right to Rectification | A20 Right to Data Portability | A21 Right to object | A22 Right to object to automated decision making | A7-3 Right to Withdraw Consent | A77 Right to Complaint | Direct Data Collection Notice | Indirect Data Collection Notice | Rights Recipients Notice | SAR Notice |

dcat:Resource

IRI http://www.w3.org/ns/dcat#Resource
Term: dcat:Resource
Vocabulary:[[[DCAT]]]
Usage Note:A dataset or catalogue or any other resource provided in fulfilment of a Right Exercise, such as for GDPR's Art.15 regarding Right of Access or Art.20 regarding Right to Data Portability. The associated properties from DCAT and DCMI DCT vocabularies provide convenient means to express metadata such as URL for accessing the data, its temporal validity and acecss restrictions, and specific datasets present along with their schemas.

A13 Right to be Informed

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#A13
Term: A13
Label: A13 Right to be Informed
Description: information to be provided where personal data is directly collected from data subject
SubClass of: dpvo:DataSubjectRight
Source: GDPR Art.13
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A14 Right to be Informed

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#A14
Term: A14
Label: A14 Right to be Informed
Description: information to be provided where personal data is collected from other sources
SubClass of: dpvo:DataSubjectRight
Source: GDPR Art.14
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A15 Right of Access

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#A15
Term: A15
Label: A15 Right of Access
Description: Right of access
SubClass of: dpvo:DataSubjectRight
Source: GDPR Art.15
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A16 Right to Rectification

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#A16
Term: A16
Label: A16 Right to Rectification
Description: Right to rectification
SubClass of: dpvo:DataSubjectRight
Source: GDPR Art.16
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A17 Right to Erasure

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#A17
Term: A17
Label: A17 Right to Erasure
Description: Right to erasure ('Right to be forgotten')
SubClass of: dpvo:DataSubjectRight
Source: GDPR Art.17
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A18 Right to Restrict Processing

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#A18
Term: A18
Label: A18 Right to Restrict Processing
Description: Right to restriction of processing
SubClass of: dpvo:DataSubjectRight
Source: GDPR Art.18
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A19 Right to Rectification

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#A19
Term: A19
Label: A19 Right to Rectification
Description: Right to be notified in case of rectification or erasure of personal data or restriction of processing
SubClass of: dpvo:DataSubjectRight
Source: GDPR Art.19
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A20 Right to Data Portability

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#A20
Term: A20
Label: A20 Right to Data Portability
Description: Right to data portability
SubClass of: dpvo:DataSubjectRight
Source: GDPR Art.20
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A21 Right to object

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#A21
Term: A21
Label: A21 Right to object
Description: Right to object to processing of personal data
SubClass of: dpvo:DataSubjectRight
Source: GDPR Art.21
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A22 Right to object to automated decision making

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#A22
Term: A22
Label: A22 Right to object to automated decision making
Description: Right not to be subject to a decision based solely on automated processing including profiling
SubClass of: dpvo:DataSubjectRight
Source: GDPR Art.22
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A7-3 Right to Withdraw Consent

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#A7-3
Term: A7-3
Label: A7-3 Right to Withdraw Consent
Description: Right to withdraw consent at any time
SubClass of: dpvo:DataSubjectRight
Source: GDPR Art.7-3
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

A77 Right to Complaint

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#A77
Term: A77
Label: A77 Right to Complaint
Description: Right to lodge a complaint with a supervisory authority
SubClass of: dpvo:DataSubjectRight
Source: GDPR Art.77
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

Direct Data Collection Notice

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DirectDataCollectionNotice
Term: DirectDataCollectionNotice
Label: Direct Data Collection Notice
Description: A Notice provided in fulfilment of GDPR's Art.13 regarding information to be provided where personal data are collected from the data subject
SubClass of: dpvo:RightFulfilmentNotice
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

Indirect Data Collection Notice

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#IndirectDataCollectionNotice
Term: IndirectDataCollectionNotice
Label: Indirect Data Collection Notice
Description: A Notice provided in fulfilment of GDPR's Art.14 regarding information to be provided where personal data are not collected from the data subject
SubClass of: dpvo:RightFulfilmentNotice
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

Rights Recipients Notice

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#RightsRecipientsNotice
Term: RightsRecipientsNotice
Label: Rights Recipients Notice
Description: A Notice provided in fulfilment of GDPR's Art.19 regarding Recipients to whom a rights exercise has been communicated, such as regarding rectification (A.16) or erasure of personal data (A.17) or restriction of processing (A.18)
SubClass of: dpvo:RightFulfilmentNotice
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

SAR Notice

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#SARNotice
Term: SARNotice
Label: SAR Notice
Description: A Notice provided in fulfilment of GDPR's Art.15 regarding information to be provided for Right of Access or Subject Access Request (SAR)
SubClass of: dpvo:RightFulfilmentNotice
Created:
Contributor(s): Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit

Data Transfer Tools

GDPR regulates data transfers outside the EU/EEA based on jurisdictions the transfer is occurring within and the guarantees available regarding the protection of personal data and fundamental rights. To indicate the sufficiency of a data transfer being compatible and adherent to these requirements, the European Commission provides various 'data transfer tools' based on the legal bases provided within the GDPR. DPV-GDPR models these as follows.

The DPV-GDPR's concepts for transfer tools are currently symbolic, and do not provide a way to actually implement those tools. For example, to represent the information contained within a SCC or BCR. The DPVCG is interested in providing such implementations, and welcomes discussions and contributions for the same.

Classes

AdHoc Contractual Clauses | Binding Corporate Rules (BCR) | Certification Mechanisms for Data Transfers | Codes of Conduct for Data Transfers | Data Transfer Tool | SCCs adopted by Commission | SCCs adopted by Supervisory Authority | Standard Contractual Clauses (SCC) | Supplementary Measure |

AdHoc Contractual Clauses

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#AdHocContractualClauses
Term: AdHocContractualClauses
Label: AdHoc Contractual Clauses
Description: Contractual Clauses not drafted by the EU Commission, e.g. by the Controller
SubClass of: dpvo:Contract, dpvo-gdpr:DataTransferTool
Source: EDPB Recommendations 01/2020 on Supplementary Measures and Transfer Tools
Created:
Contributor(s): Harshvardhan J. Pandit

Binding Corporate Rules (BCR)

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#BindingCorporateRules
Term: BindingCorporateRules
Label: Binding Corporate Rules (BCR)
Description: Binding corporate rules (BCR) are data protection policies adhered to by companies established in the EU for transfers of personal data outside the EU within a group of undertakings or enterprises.
SubClass of: dpvo-gdpr:DataTransferTool
SuperClass Of: dpvo-gdpr:A46-2-b
Source: GDPR Art.4-20
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

Certification Mechanisms for Data Transfers

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#CertificationMechanismsForDataTransfers
Term: CertificationMechanismsForDataTransfers
Label: Certification Mechanisms for Data Transfers
Description: Certification and its binding or specified mechanisms intended to provide sufficient safeguards for data transfers
SubClass of: dpvo-gdpr:DataTransferTool
Source: EDPB Recommendations 01/2020 on Supplementary Measures and Transfer Tools
Created:
Contributor(s): Harshvardhan J. Pandit

Codes of Conduct for Data Transfers

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#CodesOfConductForDataTransfers
Term: CodesOfConductForDataTransfers
Label: Codes of Conduct for Data Transfers
Description: Codes of Conduct that outline sufficient safeguards for carrying out data transfers
SubClass of: dpvo-gdpr:DataTransferTool
Source: EDPB Recommendations 01/2020 on Supplementary Measures and Transfer Tools
Created:
Contributor(s): Harshvardhan J. Pandit

Data Transfer Tool

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DataTransferTool
Term: DataTransferTool
Label: Data Transfer Tool
Description: A legal instrument or tool intended to assist or justify data transfers
SubClass of: dpvo:TechnicalOrganisationalMeasure
SuperClass Of: dpvo-gdpr:AdHocContractualClauses, dpvo-gdpr:BindingCorporateRules, dpvo-gdpr:CertificationMechanismsForDataTransfers, dpvo-gdpr:CodesOfConductForDataTransfers, dpvo-gdpr:SCCByCommission, dpvo-gdpr:SCCBySupervisoryAuthority, dpvo-gdpr:StandardContractualClauses, dpvo-gdpr:SupplementaryMeasure
Source: EDPB Recommendations 01/2020 on Supplementary Measures and Transfer Tools, GDPR Art.46
Created:
Contributor(s): David Hickey, Harshvardhan J. Pandit

SCCs adopted by Commission

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#SCCByCommission
Term: SCCByCommission
Label: SCCs adopted by Commission
Description: Standard contractual clauses adopted by the Commission in accordance with the examination procedure referred to in GDPR Article 93(2)
SubClass of: dpvo-gdpr:DataTransferTool, dpvo-gdpr:StandardContractualClauses
SuperClass Of: dpvo-gdpr:A46-2-c
Source: GDPR Art.46-2c
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

SCCs adopted by Supervisory Authority

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#SCCBySupervisoryAuthority
Term: SCCBySupervisoryAuthority
Label: SCCs adopted by Supervisory Authority
Description: Standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in GDPR Article 93(2)
SubClass of: dpvo-gdpr:DataTransferTool, dpvo-gdpr:StandardContractualClauses
SuperClass Of: dpvo-gdpr:A46-2-d
Source: GDPR Art.46-2d
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

Standard Contractual Clauses (SCC)

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#StandardContractualClauses
Term: StandardContractualClauses
Label: Standard Contractual Clauses (SCC)
Description: Standard Contractual Clauses (SCCs) are pre-approved clauses by the EU for ensuring appropriate data protection safeguards intended for data transfers from the EU to third countries
SubClass of: dpvo:Contract, dpvo-gdpr:DataTransferTool
SuperClass Of: dpvo-gdpr:SCCByCommission, dpvo-gdpr:SCCBySupervisoryAuthority
Source: Implementing Decision on SCC for Data Transfers
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit, Paul Ryan

Supplementary Measure

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#SupplementaryMeasure
Term: SupplementaryMeasure
Label: Supplementary Measure
Description: Supplementary measures are intended to additionally provide safeguards or guarentees to bring the resulting protection in line with EU requirements
SubClass of: dpvo:TechnicalOrganisationalMeasure, dpvo-gdpr:DataTransferTool
Source: EDPB Recommendations 01/2020 on Supplementary Measures and Transfer Tools
Created:
Contributor(s): David Hickey, Georg P Krog, Harshvardhan J. Pandit

DPIA

[[GDPR]] Article 35 specifies the conditions and requirements associated with Data Protection Impact Assessments. DPV-GDPR expands on the DPIA concept defined as an Organisational Measure within DPV by considering a DPIA as consisting of the following iterative process, and providing statuses for documenting their progression and outputs:

  1. Identifying activities for which a DPIA is to be undertaken (represented using DPV and DPV-GDPR)
  2. Checking whether a DPIA is needed as per GDPR Art.35 and other jurisdictional requirements: the activitiy is [=DPIANecessityAssessment=] and its output is denoted using [=DPIANecessityStatus=]
  3. Conducting the DPIA to identify risks and impacts: the activity is [=DPIAProcedure=] and its output is denoted using [=DPIARiskStatus=]
  4. Determining the outcome based on risk mitigation: the activity is [=DPIAOutcome=] and its output is denoted using [=DPIAOutcomeStatus=]
  5. Determining whether processing should be permitted to continue or be carried out, with the outcome being denote using [=DPIAProcessingRecommendation=]
  6. Assessing whether processing is carried out in conformance with the DPIA, with the outcome being denoted using [=DPIAConformity]

In addition to DPV's concepts for representing information about processing of personal data, DPV-GDPR also recommends using [[[DCT]]] concepts to represent relevant metadata, such as dates, identifiers, validity, etc.

The DPVCG is working on updating the [[[DPV-GUIDE-GDPR-DPIA]]] based on recent updates in DPV and DPV-GDPR. In addition to these, we are also working on providing concepts for expressing impacts and risk management within [[[RISK]]].

Classes

DPIA Conformant | DPIA Conformity | DPIA Indicates High Risk | DPIA Indicates Low Risk | DPIA Indicates No Risk | DPIA Necessity Assessment | DPIA Necessity Status | DPIA Non-Conformant | DPIA Not Required | DPIA Outcome | DPIA Outcome DPA Consultation | DPIA Outcome High Residual Risk | DPIA Outcome Risks Mitigated | DPIA Outcome Status | DPIA Procedure | DPIA Processing Recommendation | DPIA Recommends Processing Continue | DPIA Recommends Processing Not Continue | DPIA Required | DPIA Risk Status |

DPIA Conformant

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIAConformant
Term: DPIAConformant
Label: DPIA Conformant
Description: Expressing the specified process is conformant with a DPIA
Instance of: dpvo-gdpr:DPIAConformity
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

DPIA Conformity

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIAConformity
Term: DPIAConformity
Label: DPIA Conformity
Description: Conformity of a process with a DPIA
SubClass of: dpvo:ConformanceStatus
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

DPIA Indicates High Risk

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIAIndicatesHighRisk
Term: DPIAIndicatesHighRisk
Label: DPIA Indicates High Risk
Description: DPIA identifying high risk levels
Instance of: dpvo-gdpr:DPIARiskStatus
Created:
Contributor(s): Harshvardhan J. Pandit

DPIA Indicates Low Risk

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIAIndicatesLowRisk
Term: DPIAIndicatesLowRisk
Label: DPIA Indicates Low Risk
Description: DPIA identifying low risk levels
Instance of: dpvo-gdpr:DPIARiskStatus
Created:
Contributor(s): Harshvardhan J. Pandit

DPIA Indicates No Risk

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIAIndicatesNoRisk
Term: DPIAIndicatesNoRisk
Label: DPIA Indicates No Risk
Description: DPIA identifying no risk is present
Instance of: dpvo-gdpr:DPIARiskStatus
Created:
Contributor(s): Harshvardhan J. Pandit

DPIA Necessity Assessment

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIANecessityAssessment
Term: DPIANecessityAssessment
Label: DPIA Necessity Assessment
Description: Process that determines whether a DPIA is necessary
SubClass of: dpvo:DPIA
Created:
Contributor(s): Harshvardhan J. Pandit

DPIA Necessity Status

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIANecessityStatus
Term: DPIANecessityStatus
Label: DPIA Necessity Status
Description: Status reflecting whether a DPIA is necessary
SubClass of: dpvo:AuditStatus
Created:
Contributor(s): Harshvardhan J. Pandit

DPIA Non-Conformant

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIANonConformant
Term: DPIANonConformant
Label: DPIA Non-Conformant
Description: Expressing the specified process is not conformant with a DPIA
Instance of: dpvo-gdpr:DPIAConformity
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

DPIA Not Required

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIANotRequired
Term: DPIANotRequired
Label: DPIA Not Required
Description: Condition where a DPIA is not required
Instance of: dpvo-gdpr:DPIANecessityStatus
Created:
Contributor(s): Harshvardhan J. Pandit

DPIA Outcome

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIAOutcome
Term: DPIAOutcome
Label: DPIA Outcome
Description: Process representing determining outcome of a DPIA
SubClass of: dpvo:DPIA
Created:
Contributor(s): Harshvardhan J. Pandit

DPIA Outcome DPA Consultation

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIAOutcomeDPAConsultation
Term: DPIAOutcomeDPAConsultation
Label: DPIA Outcome DPA Consultation
Description: DPIA outcome status indicating a DPA consultation is required
Instance of: dpvo-gdpr:DPIAOutcomeStatus
Created:
Contributor(s): Harshvardhan J. Pandit

DPIA Outcome High Residual Risk

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIAOutcomeHighResidualRisk
Term: DPIAOutcomeHighResidualRisk
Label: DPIA Outcome High Residual Risk
Description: DPIA outcome status indicating high residual risk which are not acceptable for continuation
Instance of: dpvo-gdpr:DPIAOutcomeStatus
Created:
Contributor(s): Harshvardhan J. Pandit

DPIA Outcome Risks Mitigated

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIAOutcomeRisksMitigated
Term: DPIAOutcomeRisksMitigated
Label: DPIA Outcome Risks Mitigated
Description: DPIA outcome status indicating (all) risks have been mitigated
Instance of: dpvo-gdpr:DPIAOutcomeStatus
Created:
Contributor(s): Harshvardhan J. Pandit

DPIA Outcome Status

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIAOutcomeStatus
Term: DPIAOutcomeStatus
Label: DPIA Outcome Status
Description: Status reflecting the outcomes of a DPIA
SubClass of: dpvo:AuditStatus
Created:
Contributor(s): Harshvardhan J. Pandit

DPIA Procedure

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIAProcedure
Term: DPIAProcedure
Label: DPIA Procedure
Description: Process representing carrying out a DPIA
SubClass of: dpvo:DPIA
Created:
Contributor(s): Harshvardhan J. Pandit

DPIA Processing Recommendation

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIAProcessingRecommendation
Term: DPIAProcessingRecommendation
Label: DPIA Processing Recommendation
Description: Recommendation from the DPIA regarding processing
SubClass of: dpvo:AuditStatus
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

DPIA Recommends Processing Continue

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIARecommendsProcessingContinue
Term: DPIARecommendsProcessingContinue
Label: DPIA Recommends Processing Continue
Description: Recommendation from a DPIA that the processing may continue
Instance of: dpvo-gdpr:DPIAProcessingRecommendation
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

DPIA Recommends Processing Not Continue

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIARecommendsProcessingNotContinue
Term: DPIARecommendsProcessingNotContinue
Label: DPIA Recommends Processing Not Continue
Description: Recommendation from a DPIA that the processing should not continue
Instance of: dpvo-gdpr:DPIAProcessingRecommendation
Created:
Contributor(s): Georg P Krog, Harshvardhan J. Pandit

DPIA Required

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIARequired
Term: DPIARequired
Label: DPIA Required
Description: Condition where a DPIA is required
Instance of: dpvo-gdpr:DPIANecessityStatus
Created:
Contributor(s): Harshvardhan J. Pandit

DPIA Risk Status

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#DPIARiskStatus
Term: DPIARiskStatus
Label: DPIA Risk Status
Description: Status reflecting the status of risk associated with a DPIA
SubClass of: dpvo:AuditStatus
Created:
Contributor(s): Harshvardhan J. Pandit

Properties

dct:conformsTo | dct:coverage | dct:created | dct:dateAccepted | dct:dateSubmitted | dct:description | dct:hasPart | dct:identifier | dct:isPartOf | dct:isVersionOf | dct:modified | dct:subject | dct:temporal | dct:title | dct:valid | dpv:hasStatus |

dct:conformsTo

IRI http://purl.org/dc/terms/conformsTo
Term: dct:conformsTo
Vocabulary:[[[DCT]]]
Usage Note:For expressing an existing standard, guideline, or requirements to which the DPIA document or process will be conforming to. This could be external guidelines published by an Authority, or internal guidelines established by the organisation
Domain: left blank / unspecified
Range: left blank / unspecified

dct:coverage

IRI http://purl.org/dc/terms/coverage
Term: dct:coverage
Vocabulary:[[[DCT]]]
Usage Note:For expressing coverage (e.g. jurisdictions, products, services) of the DPIA document or process. For temporal coverage, please see dct:temporal. The coverage can be expressed using dpv:PersonalDataHandling, or using another concept, or even be a link or reference to a document, or a textual description
Domain: left blank / unspecified
Range: left blank / unspecified

dct:created

IRI http://purl.org/dc/terms/created
Term: dct:created
Vocabulary:[[[DCT]]]
Usage Note:For expressing when the documentation (e.g. DPIA Necessity Assessment, or DPIA Procedure, or DPIA outcome) was created
Domain: left blank / unspecified
Range: left blank / unspecified

dct:dateAccepted

IRI http://purl.org/dc/terms/dateAccepted
Term: dct:dateAccepted
Vocabulary:[[[DCT]]]
Usage Note:For expressing when the documentation (e.g. DPIA Necessity Assessment, or DPIA Procedure, or DPIA outcome) was accepted through audit or approval
Domain: left blank / unspecified
Range: left blank / unspecified

dct:dateSubmitted

IRI http://purl.org/dc/terms/dateSubmitted
Term: dct:dateSubmitted
Vocabulary:[[[DCT]]]
Usage Note:For expressing when the documentation (e.g. DPIA Necessity Assessment, or DPIA Procedure, or DPIA outcome) was submitted for audit or approval
Domain: left blank / unspecified
Range: left blank / unspecified

dct:description

IRI http://purl.org/dc/terms/description
Term: dct:description
Vocabulary:[[[DCT]]]
Usage Note:Indicates a description of the DPIA for human comprehension
Domain: left blank / unspecified
Range: left blank / unspecified

dct:hasPart

IRI http://purl.org/dc/terms/hasPart
Term: dct:hasPart
Vocabulary:[[[DCT]]]
Usage Note:For expressing something contains a DPIA document or process contains as a part. For example, as some dpv:DPIA dct:hasPart DPIANecessityAssessment
Domain: left blank / unspecified
Range: left blank / unspecified

dct:identifier

IRI http://purl.org/dc/terms/identifier
Term: dct:identifier
Vocabulary:[[[DCT]]]
Usage Note:Indicates an identifier associated with the DPIA documentation or process. Identifiers may be reused from existing systems, or created for the purposes of record management
Domain: left blank / unspecified
Range: left blank / unspecified

dct:isPartOf

IRI http://purl.org/dc/terms/isPartOf
Term: dct:isPartOf
Vocabulary:[[[DCT]]]
Usage Note:For expressing a DPIA document or process is part of another. For example, as some DPIANecessityAssessment dct:isPartOf some dpv:DPIA
Domain: left blank / unspecified
Range: left blank / unspecified

dct:isVersionOf

IRI http://purl.org/dc/terms/isVersionOf
Term: dct:isVersionOf
Vocabulary:[[[DCT]]]
Usage Note:For expressing prior versions or iterations of the DPIA document or process
Domain: left blank / unspecified
Range: left blank / unspecified

dct:modified

IRI http://purl.org/dc/terms/modified
Term: dct:modified
Vocabulary:[[[DCT]]]
Usage Note:For expressing when the documentation (e.g. DPIA Necessity Assessment, or DPIA Procedure, or DPIA outcome) was last modified
Domain: left blank / unspecified
Range: left blank / unspecified

dct:subject

IRI http://purl.org/dc/terms/subject
Term: dct:subject
Vocabulary:[[[DCT]]]
Usage Note:For expressing the subject of the DPIA document or process, where subject refers to the point of focus. For expressing what is affected or included within the DPIA, please see dct:coverage
Domain: left blank / unspecified
Range: left blank / unspecified

dct:temporal

IRI http://purl.org/dc/terms/temporal
Term: dct:temporal
Vocabulary:[[[DCT]]]
Usage Note:For expressing the temporal coverage of the DPIA document or process
Domain: left blank / unspecified
Range: left blank / unspecified

dct:title

IRI http://purl.org/dc/terms/title
Term: dct:title
Vocabulary:[[[DCT]]]
Usage Note:Indicates a title of the DPIA for human comprehension
Domain: left blank / unspecified
Range: left blank / unspecified

dct:valid

IRI http://purl.org/dc/terms/valid
Term: dct:valid
Vocabulary:[[[DCT]]]
Usage Note:For expressing the temporal date or range of validity of the DPIA document or process. This refers to the time period for which the DPIA is considered valid, and does not refer to the temporal period associated with processing (see dct:temporal instead). The assumption is that after this period, the DPIA should be re-evaluated or some process should be triggered
Domain: left blank / unspecified
Range: left blank / unspecified

dpv:hasStatus

IRI https://w3id.org/dpv#hasStatus
Term: dpv:hasStatus
Vocabulary:[[[DPV]]]
Usage Note:For expressing the status of the DPIA document or process. Here different statuses are used to convey different contextual meanings. For example, dpv:ActivityStatus expresses the state of the activity in terms of whether it is ongoing or completed, and dpv:AuditStatus expresses the state of the audit process in terms of being required, approved, or rejected. These are applied over each step of the DPIA i.e. DPIANecessityAssessment, DPIAProcedure, and DPIAOutcome. Similarly, a process also uses hasStatus with DPIAConformity to indicate adherence to the results of the DPIA process.
Domain: left blank / unspecified
Range: left blank / unspecified

Compliance

The concepts in this section reflect the status of processing operations being in compliance with GDPR, by extending the ComplianceStatus from DPV for GDPR. It does not define the requirements for compliance itself.

Classes

GDPR Compliance Unknown | GDPR Compliant | GDPR Lawfulness | GDPR Non-compliant |

GDPR Compliance Unknown

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#GDPRComplianceUnknown
Term: GDPRComplianceUnknown
Label: GDPR Compliance Unknown
Description: State where lawfulness or compliance with GDPR is unknown
Instance of: dpvo-gdpr:GDPRLawulness
Created:
Contributor(s): Harshvardhan J. Pandit

GDPR Compliant

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#GDPRCompliant
Term: GDPRCompliant
Label: GDPR Compliant
Description: State of being lawful or legally compliant for GDPR
Instance of: dpvo-gdpr:GDPRLawulness
Created:
Contributor(s): Harshvardhan J. Pandit

GDPR Lawfulness

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#GDPRLawfulness
Term: GDPRLawfulness
Label: GDPR Lawfulness
Description: Status or state associated with being lawful or legally compliant regarding GDPR
SubClass of: dpvo:Lawfulness
Created:
Contributor(s): Harshvardhan J. Pandit

GDPR Non-compliant

IRI https://w3id.org/dpv/dpv-owl/dpv-gdpr#GDPRNonCompliant
Term: GDPRNonCompliant
Label: GDPR Non-compliant
Description: State of being unlawful or legally non-compliant for GDPR
Instance of: dpvo-gdpr:GDPRLawulness
Created:
Contributor(s): Harshvardhan J. Pandit

Funding Acknowledgements

Funding Sponsors

The DPVCG and DPV were initiated as part of the SPECIAL H2020 Project, which received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 731601. The SPECIAL project ran over a 3-year period from 2017 to 2019.

Harshvardhan J. Pandit was funded by the Irish Research Council Government of Ireland Postdoctoral Fellowship Grant#GOIPD/2020/790 for working within the DPVCG and contributing to the DPV. The fellowship lasted from 2020 to 2022.

Funding Acknowledgements for Contributors

The contributions of Piero Bonatti and Luigi Sauro to the DPVCG have been funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement N. 731601 (project SPECIAL) until 2019, and under grant agreement N. 883464 (project TRAPEZE) from 2020 until 2023.

The contributions of Beatriz Esteves have received funding through the PROTECT ITN Project from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 813497.

The contributions of Harshvardhan J. Pandit have received funding from the ADAPT SFI Centre for Digital Media Technology is funded by Science Foundation Ireland through the SFI Research Centres Programme and is co-funded under the European Regional Development Fund (ERDF) through Grant#13/RC/2106 (2018 to 2020) and Grant#13/RC/2106_P2 (2021 onwards)

Proposed Terms

The following terms have been proposed for inclusion, and are under discussion. They are provided here for illustrative purposes and should not be considered as part of DPV.

legal_basis dpia compliance

Deprecated Terms