Published June 30, 2022 | Version preprint
Conference paper Open

A Semantic Specification for Data Protection Impact Assessments (DPIA)

  • 1. ADAPT Centre, Trinity College Dublin


The GDPR requires assessing and conducting a Data Protection Impact Assessment (DPIA) for processing of personal data that may result in high risk and impact to the data subjects. Documenting this process requires information about processing activities, entities and their roles, risks, mitigations and resulting impacts, and consultations. Given these complexities, it is difficult for stakeholders conducting impact assessments to identify relevant risks and mitigations, especially for emerging technologies and specific considerations in their use-cases, and to document outcomes in a consistent and reusable manner. We address this challenge by utilising linked data to represent DPIA-related information so that it can be better managed and shared in an interoperable manner. For this, we consulted the guidance documents produced by EU Data Protection Authorities (DPA) regarding DPIA and by ENISA regarding risk management. The outcome of our efforts is an extension to the Data Privacy Vocabulary (DPV) for documenting DPIAs and an ontology for risk management based on the ISO 31000 family of standards. Our contributions fill an important gap within the state of the art, and pave the way for shared impact assessments with future regulations such as for AI and Cybersecurity.


This work has been funded by Irish Research Council Government of Ireland Postdoctoral Fellowship Grant#GOIPD/2020/790. The ADAPT SFI Centre for Digital Media Technology is funded by Science Foundation Ireland through the SFI Research Centres Programme and is co-funded under the European Regional Development Fund (ERDF) through Grant#13/RC/2106 P2.




Additional details


ADAPT: Centre for Digital Content Platform Research 13/RC/2106
Science Foundation Ireland