6536363
doi
10.5281/zenodo.6536363
oai:zenodo.org:6536363
Brennan, Rob
ADAPT Centre, Dublin City University
Pandit, Harshvardhan J.
ADAPT Centre, Trinity College Dublin
DPCat: Specification for an Interoperable and Machine-Readable Data Processing Catalogue based on GDPR
Ryan, Paul
Uniphar PLC, and ADAPT Centre, Dublin City University
doi:10.3390/info13050244
info:eu-repo/semantics/openAccess
Creative Commons Attribution 4.0 International
https://creativecommons.org/licenses/by/4.0/legalcode
GDPR
ROPA
semantic web
data governance
<p>The GDPR requires Data Controllers and Data Protection Officers (DPO) to maintain a<br>
Register of Processing Activities (ROPA) as part of overseeing the organisation’s compliance processes.<br>
The ROPA must include information from heterogeneous sources such as (internal) departments with<br>
varying IT systems and (external) data processors. Current practices use spreadsheets or proprietary<br>
systems that lack machine-readability and interoperability, presenting barriers to automation. We<br>
propose the Data Processing Catalogue (DPCat) for the representation, collection and transfer of<br>
ROPA information, as catalogues in a machine-readable and interoperable manner. DPCat is based<br>
on the Data Catalog Vocabulary (DCAT) and its extension DCAT Application Profile for data portals<br>
in Europe (DCAT-AP), and the Data Privacy Vocabulary (DPV). It represents a comprehensive<br>
semantic model developed from GDPR’s Article and an analysis of the 17 ROPA templates from<br>
EU Data Protection Authorities (DPA). To demonstrate the practicality and feasibility of DPCat,<br>
we present the European Data Protection Supervisor’s (EDPS) ROPA documents using DPCat,<br>
verify them with SHACL to ensure the correctness of information based on legal and contextual<br>
requirements, and produce reports and ROPA documents based on DPA templates using SPARQL.<br>
DPCat supports a data governance process for data processing compliance to harmonise inputs from<br>
heterogeneous sources to produce dynamic documentation that can accommodate differences in<br>
regulatory approaches across DPAs and ease investigative burdens toward efficient enforcement.</p>
<p>DPCat Specification: https://w3id.org/dpcat</p>
<p>Resources: https://w3id.org/dpcat/repo</p>
This research has received funding from Uniphar PLC, and the ADAPT Centre for Digital Content Technology which is funded under the SFI Research Centres Programme (Grant 13/RC/2106_P2) and co-funded by the European Regional Development Fund. Harshvardhan J. Pandit has received funding under the Irish Research Council's Government of Ireland Postdoctoral Fellowship Grant#GOIPD/2020/790.
Zenodo
2022-05-10
info:eu-repo/semantics/article
6448787
published
award_title=ADAPT: Centre for Digital Content Platform Research; award_number=13/RC/2106; funder_id=0271asj38; funder_name=Science Foundation Ireland;
1652233773.62798
995555
md5:1407f05b3988f4bb06145f09f524a391
https://zenodo.org/records/6536363/files/information-13-00244.pdf
public
10.3390/info13050244
Is identical to
doi
10.5281/zenodo.6448787
isVersionOf
doi
Information
13
5
2022-05-10