Login (DCU Staff Only)
Login (DCU Staff Only)

DORAS | DCU Research Repository

Explore open access research and scholarly works from DCU

Advanced Search

Building a data processing activities catalog: representing heterogeneous compliance-related information for GDPR using DCAT-AP and DPV

Ryan, Paul, Pandit, Harshvardhan J. orcid logoORCID: 0000-0002-5068-3714 and Brennan, Rob orcid logoORCID: 0000-0001-8236-362X (2021) Building a data processing activities catalog: representing heterogeneous compliance-related information for GDPR using DCAT-AP and DPV. In: Semantics EU 2021, 6-9 Sept 2021, Amsterdam, Netherlands and Online. ISBN 978-1-64368-200-6

Abstract
This paper describes a new semantic metadata-based approach to describing and integrating diverse data processing activity descriptions gathered from heterogeneous organisational sources such as departments, divisions, and external processors. This information must be collated to assess and document GDPR legal compliance, such as creating a Register of Processing Activities (ROPA). Most GDPR knowledge graph research to date has focused on developing detailed compliance graphs. However, many organisations already have diverse data collection tools for documenting data processing activities, and this heterogeneity is likely to grow in the future. We provide a new approach extending the well-known DCAT-AP standard utilising the data privacy vocabulary (DPV) to express the concepts necessary to complete a ROPA. This approach enables data catalog implementations to merge and federate the metadata for a ROPA without requiring full alignment or merging all the underlying data sources. To show our approach's feasibility, we demonstrate a deployment use case and develop a prototype system based on diverse data processing records and a standard set of SPARQL queries for a Data Protection Officer preparing a ROPA to monitor compliance. Our catalog's key benefits are that it is a lightweight, metadata-level integration point with a low cost of compliance information integration, capable of representing processing activities from heterogeneous sources.
Metadata
Item Type:Conference or Workshop Item (Paper)
Event Type:Conference
Refereed:Yes
Uncontrolled Keywords:Legal Compliance; Data Governance
Subjects:Computer Science > Information storage and retrieval systems
Social Sciences > Law
DCU Faculties and Centres:DCU Faculties and Schools > Faculty of Engineering and Computing > School of Computing
Research Institutes and Centres > ADAPT
Published in: Further with Knowledge Graphs. Studies on the Semantic Web 53. IOS. ISBN 978-1-64368-200-6
Publisher:IOS
Official URL:https://doi.org/10.3233/SSW210043
Copyright Information:© 2021 The Authors. Open Access (CC-BY-4.0)
Funders:ADAPT - under the SFI Research Centres Programme (Grant 13/RC/2106_P2) and the European Regional Development Fund, Paul Ryan - Uniphar PLC, Harshvardhan J. Pandit - Irish Research Council Government of Ireland Postdoctoral Fellowship Grant#GOIPD/2020/790 and the European Union's Horizon 2020 research and innovation programme under NGI TRUST Grant#825618 for Project#3.40 Priv
ID Code:26008
Deposited On:08 Sep 2021 08:36 by Vidatum Academic . Last Modified 16 Jan 2023 16:39
Documents

Full text available as:

[thumbnail of BuildingaDataProcessingActivitiesCatalogRepresentingHeterogeneousCompliance-relatedInformationforGDPRusingDCATAPandDPV.pdf]
Preview
 PDF - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
257kB
Downloads

Downloads

Downloads per month over past year

Archive Staff Only: edit this record