A common semantic model of the GDPR register of processing activities
Ryan, Paul, Pandit, Harshvardhan J.ORCID: 0000-0002-5068-3714 and Brennan, RobORCID: 0000-0001-8236-362X
(2020)
A common semantic model of the GDPR register of processing activities.
In: 33rd International Conference on Legal Knowledge and Information Systems (JURIX 2020), 9-11 Dec 2020, Prague, Czech Republic (Online).
ISBN 978-1-64368-150-4
The creation and maintenance of a Register of Processing Activities (ROPA) is an essential process for the demonstration of GDPR compliance. We analyse ROPA templates from six EU Data Protection Regulators and show that template scope and granularity vary widely between jurisdictions. We then propose a flexible, consolidated data model for consistent processing of ROPAs (CSM-ROPA). We analyse the extent that the Data Privacy Vocabulary (DPV) can be used to express CSM-ROPA. We find that it does not directly address modelling ROPAs, and so needs additional concept definitions. We provide a mapping of our CSM-ROPA to an extension of the Data Privacy Vocabulary.