Login (DCU Staff Only)
Login (DCU Staff Only)

DORAS | DCU Research Repository

Explore open access research and scholarly works from DCU

Advanced Search

DPCat: Specification for an interoperable and machine-readable data processing catalogue based on GDPR

Ryan, Paul orcid logoORCID: 0000-0003-0770-2737, Brennan, Rob orcid logoORCID: 0000-0001-8236-362X and Harshvardhan, J. Pandit orcid logoORCID: 0000-0002-5068-3714 (2022) DPCat: Specification for an interoperable and machine-readable data processing catalogue based on GDPR. Information, 13 (5). ISSN 2078-2489

The GDPR requires Data Controllers and Data Protection Officers (DPO) to maintain a Register of Processing Activities (ROPA) as part of overseeing the organisation’s compliance processes. The ROPA must include information from heterogeneous sources such as (internal) departments with varying IT systems and (external) data processors. Current practices use spreadsheets or proprietary systems that lack machine-readability and interoperability, presenting barriers to automation. We propose the Data Processing Catalogue (DPCat) for the representation, collection and transfer of ROPA information, as catalogues in a machine-readable and interoperable manner. DPCat is based on the Data Catalog Vocabulary (DCAT) and its extension DCAT Application Profile for data portals in Europe (DCAT-AP), and the Data Privacy Vocabulary (DPV). It represents a comprehensive semantic model developed from GDPR’s Article and an analysis of the 17 ROPA templates from EU Data Protection Authorities (DPA). To demonstrate the practicality and feasibility of DPCat, we present the European Data Protection Supervisor’s (EDPS) ROPA documents using DPCat, verify them with SHACL to ensure the correctness of information based on legal and contextual requirements, and produce reports and ROPA documents based on DPA templates using SPARQL. DPCat supports a data governance process for data processing compliance to harmonise inputs from heterogeneous sources to produce dynamic documentation that can accommodate differences in regulatory approaches across DPAs and ease investigative burdens toward efficient enforcement.
Item Type:Article (Published)
Additional Information:Article number: 244
Uncontrolled Keywords:GDPR; data governance; semantic-web
Subjects:Computer Science > World Wide Web
DCU Faculties and Centres:DCU Faculties and Schools > Faculty of Engineering and Computing > School of Computing
Research Institutes and Centres > ADAPT
Official URL:https://doi.org/10.3390/info13050244
Copyright Information:© 2022 The Authors.
ID Code:27758
Deposited On:21 Sep 2022 15:58 by Thomas Murtagh . Last Modified 23 Mar 2023 14:58

Full text available as:

[thumbnail of information-13-00244-v3.pdf]
PDF - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Creative Commons: Attribution 4.0


Downloads per month over past year

Archive Staff Only: edit this record