A common semantic model of the GDPR register of processing activities
Ryan, PaulORCID: 0000-0003-0770-2737, Pandit, Harshvardhan J.ORCID: 0000-0002-5068-3714 and Brennan, RobORCID: 0000-0001-8236-362X
(2021)
A common semantic model of the GDPR register of processing activities.
In: 33rd International Conference on Legal Knowledge and Information Systems, 9-11 Dec 2020, Online.
ISBN 978-164368150-4
The creation and maintenance of a Register of Processing Activities
(ROPA) is an essential process for the demonstration of GDPR compliance. We
analyse ROPA templates from six EU Data Protection Regulators and show that
template scope and granularity vary widely between jurisdictions. We then propose
a flexible, consolidated data model for consistent processing of ROPAs (CSMROPA). We analyse the extent that the Data Privacy Vocabulary (DPV) can be used
to express CSM-ROPA. We find that it does not directly address modelling ROPAs,
and so needs additional concept definitions. We provide a mapping of our CSMROPA to an extension of the Data Privacy Vocabulary.