DPV-GDPR extends the [[[DPV]]] to provide taxonomies of concepts such as legal bases, rights, and data transfer tools as defined within the [[[GDPR]]].
The canonical URL for DPV-GDPR is https://w3id.org/dpv/dpv-gdpr which contains (this) specification. The namespace for DPV terms is https://w3id.org/dpv/dpv-gdpr#
, the suggested prefix is dpv-gdpr
, and this document along with source and releases are available at https://github.com/w3c/dpv.
Contributing: The DPVCG welcomes participation to improve the DPV and associated resources, including expansion or refinement of concepts, requesting information and applications, and addressing open issues. See contributing page for further information.
Introduction
The Data Privacy Vocabulary (DPV) provides terms to annotate and categorise instances of legally compliant personal data handling. In particular, the vocabulary provides LegalBasis
and DataSubjectRight
as top-level concepts representing the various legal bases for justifying processing of personal data and rights provided to the data subject respectively. Since these concepts are specifically defined within the scope of jurisdictional laws, their implementation is provided as a separate vocabulary that extends the DPV, thereby permitting continued usage of DPV as a jurisdiction-agnostic and generic vocabulary.
The DPV-GDPR vocabulary extends the concepts within DPV regarding legal bases, data subject rights, data transfer tools, data protection impact assessment (DPIA), and compliance, and provides a compatible extension to be used in combination with the DPV to represent GDPR-specific information.
Legal Basis under GDPR
The GDPR Article 6 specifies that it is mandatory for every processing to have one (or more) legal basis that justifies its compliance. These are represented as Core Legal Basis. In addition, Articles 9 legal basis are represented as legal basis for Special Category Personal Data, and those from Articles 45, 46, and 49 are represented as legal basis for Data Transfer.
DPV and DPV-GDPR only define the legal basis as concepts, and do not define or provide information associated with their validity. For example, determining whether consent is valid, or the appropriateness of a legal basis for its application in a use-case. The DPVCG is interested in providing such "helpful assistance" through semantics, and welcomes discussions and contributions for the same.
Legal Basis
Core Legal Bases
-
eu-gdpr:A6-1-a: Legal basis based on data subject's given consent to the processing of his or her personal data for one or more specific purposes
go to full definition
-
eu-gdpr:A6-1-a-explicit-consent: Legal basis based on data subject's given explicit consent to the processing of his or her personal data for one or more specific purposes
go to full definition
-
eu-gdpr:A6-1-a-non-explicit-consent: Legal basis based on data subject's given non-explicit express consent to the processing of his or her personal data for one or more specific purposes
go to full definition
-
eu-gdpr:A6-1-b: Legal basis based on performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
go to full definition
-
eu-gdpr:A6-1-b-contract-performance: Legal basis based on performance of a contract to which the data subject is party
go to full definition
-
eu-gdpr:A6-1-b-enter-into-contract: Legal basis based on taking steps at the request of the data subject prior to entering into a contract
go to full definition
-
eu-gdpr:A6-1-c: Legal basis based on compliance with a legal obligation to which the controller is subject
go to full definition
-
eu-gdpr:A6-1-d: Legal basis based on protecting the vital interests of the data subject or of another natural person
go to full definition
-
eu-gdpr:A6-1-d-data-subject: Legal basis based on protecting the vital interests of the data subject
go to full definition
-
eu-gdpr:A6-1-d-natural-person: Legal basis based on protecting the vital interests of another natural person that is not the data subject
go to full definition
-
eu-gdpr:A6-1-e: Legal basis based on performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
go to full definition
-
eu-gdpr:A6-1-e-official-authority: Legal basis based on the exercise of official authority vested in the controller
go to full definition
-
eu-gdpr:A6-1-e-public-interest: Legal basis based on performance of a task carried out in the public interest
go to full definition
-
eu-gdpr:A6-1-f: Legal basis based on the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child
go to full definition
-
eu-gdpr:A6-1-f-controller: Legal basis based on the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child
go to full definition
-
eu-gdpr:A6-1-f-third-party: Legal basis based on the purposes of the legitimate interests pursued by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child
go to full definition
Special Category Personal Data
-
eu-gdpr:A9-2-a: explicit consent with special categories of data
go to full definition
-
eu-gdpr:A9-2-b: employment and social security and social protection law
go to full definition
-
eu-gdpr:A9-2-c: protection of the vital interests
go to full definition
-
eu-gdpr:A9-2-d: legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;
go to full definition
-
eu-gdpr:A9-2-e: data manifestly made public by the data subject
go to full definition
-
eu-gdpr:A9-2-f: establishment, exercise or defence of legal claims / courts acting in their judicial capacity
go to full definition
-
eu-gdpr:A9-2-g: substantial public interest, on the basis of Union or Member State law
go to full definition
-
eu-gdpr:A9-2-h: preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3
go to full definition
-
eu-gdpr:A9-2-i: public interest in public health
go to full definition
-
eu-gdpr:A9-2-j: public interest, scientific or historical research purposes or statistical purposes based on Union or Member State law
go to full definition
Data Transfer
-
eu-gdpr:A45-3: Personal data can flow freely from the EU to a third country with an Adequacy Decision without any further safeguard being necessary.
go to full definition
-
eu-gdpr:A46-2-a: A legally binding and enforceable instrument between public authorities or bodies
go to full definition
-
eu-gdpr:A46-2-b: Binding corporate rules
go to full definition
-
eu-gdpr:A46-2-c: Standard data protection clauses adopted by the Commission
go to full definition
-
eu-gdpr:A46-2-d: Standard data protection clauses adopted by a Supervisory Authority
go to full definition
-
eu-gdpr:A46-2-e: An approved code of conduct pursuant to GDPR Article 40 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards individuals´ rights
go to full definition
-
eu-gdpr:A46-2-f: An approved certification mechanism pursuant to GDPR Article 42 together with binding and enforceable commitments of the controller or processor in the third country to appy the appropriate safeguards, including as regards individuals` rights
go to full definition
-
eu-gdpr:A46-3-a: Contractual clauses with controller, processor or recipient of the personal data in the third country or the international organisation.
go to full definition
-
eu-gdpr:A46-3-b: Provisions to be inserted into administrative arrangements between public authorities or bodies which include enforceable and effective data subject rights
go to full definition
-
eu-gdpr:A49-1-a: The data subject has explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards.
go to full definition
-
eu-gdpr:A49-1-b: The transfer is necessary for the performance of a contract between the data subject and controller or the implementation of pre-contractual measures taken at the data subject´s request.
go to full definition
-
eu-gdpr:A49-1-c: The transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject and controller and another natural or legal person.
go to full definition
-
eu-gdpr:A49-1-d: The transfer is necessary for important reasons of public interest.
go to full definition
-
eu-gdpr:A49-1-e: The transfer is necessary for the establishment, exercise or defence of legal claims.
go to full definition
-
eu-gdpr:A49-1-f: The transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the person is physically or legally incapable of giving consent.
go to full definition
-
eu-gdpr:A49-1-g: The transfer is made from a register which according to Union or Member State law is intended to provide information to the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by Union or Member State law for consultation are fulfilled in the particular case.
go to full definition
-
eu-gdpr:A49-2: The transfer is not repetetive, concerns only a limited number of data subjects, is necessary for the purposes of compelling legitimate interests pursued by controller which are not overridden by the interests or rights and freedoms of the data subject, and controller has assessed all the circumstances surrounding the data transfer and have on the basis of that assessment provided suitable safeguards with regard to the protection of personal data.
go to full definition
Rights under GDPR
GDPR provides several rights to the data subject, whose applicability depends on the context and nature of processing taking place. DPV lists these rights at an abstract level as concepts along with their origin in specific clauses of the GDPR.
In addition to DPV's concepts regarding exercise of rights, DPV-GDPR provides additional concepts specific to the implementation of its rights. For example, [=SARNotice=] refers to the information provided in fulfilment of [=A15=] Right of Access, or using [=dcat:Resource=] to represent the dataset provided in fulfilment of [=A20=] Right to Data Portability.
-
eu-gdpr:A13: information to be provided where personal data is directly collected from data subject
go to full definition
-
eu-gdpr:A14: information to be provided where personal data is collected from other sources
go to full definition
-
eu-gdpr:A15: Right of access
go to full definition
-
eu-gdpr:A16: Right to rectification
go to full definition
-
eu-gdpr:A17: Right to erasure ('Right to be forgotten')
go to full definition
-
eu-gdpr:A18: Right to restriction of processing
go to full definition
-
eu-gdpr:A19: Right to be notified in case of rectification or erasure of personal data or restriction of processing
go to full definition
-
eu-gdpr:A20: Right to data portability
go to full definition
-
eu-gdpr:A21: Right to object to processing of personal data
go to full definition
-
eu-gdpr:A22: Right not to be subject to a decision based solely on automated processing including profiling
go to full definition
-
eu-gdpr:A7-3: Right to withdraw consent at any time
go to full definition
-
eu-gdpr:A77: Right to lodge a complaint with a supervisory authority
go to full definition
-
eu-gdpr:DirectDataCollectionNotice: A Notice provided in fulfilment of GDPR's Art.13 regarding information to be provided where personal data are collected from the data subject
go to full definition
-
eu-gdpr:IndirectDataCollectionNotice: A Notice provided in fulfilment of GDPR's Art.14 regarding information to be provided where personal data are not collected from the data subject
go to full definition
-
eu-gdpr:RightsRecipientsNotice: A Notice provided in fulfilment of GDPR's Art.19 regarding Recipients to whom a rights exercise has been communicated, such as regarding rectification (A.16) or erasure of personal data (A.17) or restriction of processing (A.18)
go to full definition
-
eu-gdpr:SARNotice: A Notice provided in fulfilment of GDPR's Art.15 regarding information to be provided for Right of Access or Subject Access Request (SAR)
go to full definition
Legal Basis - Rights Mappings
Data Transfer Tools
GDPR regulates data transfers outside the EU/EEA based on jurisdictions the transfer is occurring within and the guarantees available regarding the protection of personal data and fundamental rights. To indicate the sufficiency of a data transfer being compatible and adherent to these requirements, the European Commission provides various 'data transfer tools' based on the legal bases provided within the GDPR. DPV-GDPR models these as follows.
The DPV-GDPR's concepts for transfer tools are currently symbolic, and do not provide a way to actually implement those tools. For example, to represent the information contained within a SCC or BCR. The DPVCG is interested in providing such implementations, and welcomes discussions and contributions for the same.
-
eu-gdpr:DataTransferTool: A legal instrument or tool intended to assist or justify data transfers
go to full definition
-
eu-gdpr:AdHocContractualClauses: Contractual Clauses not drafted by the EU Commission, e.g. by the Controller
go to full definition
-
eu-gdpr:BindingCorporateRules: Binding corporate rules (BCR) are data protection policies adhered to by companies established in the EU for transfers of personal data outside the EU within a group of undertakings or enterprises.
go to full definition
-
eu-gdpr:CertificationMechanismsForDataTransfers: Certification and its binding or specified mechanisms intended to provide sufficient safeguards for data transfers
go to full definition
-
eu-gdpr:CodesOfConductForDataTransfers: Codes of Conduct that outline sufficient safeguards for carrying out data transfers
go to full definition
-
eu-gdpr:SCCByCommission: Standard contractual clauses adopted by the Commission in accordance with the examination procedure referred to in GDPR Article 93(2)
go to full definition
-
eu-gdpr:SCCBySupervisoryAuthority: Standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in GDPR Article 93(2)
go to full definition
-
eu-gdpr:StandardContractualClauses: Standard Contractual Clauses (SCCs) are pre-approved clauses by the EU for ensuring appropriate data protection safeguards intended for data transfers from the EU to third countries
go to full definition
-
eu-gdpr:SCCByCommission: Standard contractual clauses adopted by the Commission in accordance with the examination procedure referred to in GDPR Article 93(2)
go to full definition
-
eu-gdpr:SCCBySupervisoryAuthority: Standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in GDPR Article 93(2)
go to full definition
-
eu-gdpr:SupplementaryMeasure: Supplementary measures are intended to additionally provide safeguards or guarentees to bring the resulting protection in line with EU requirements
go to full definition
DPIA
[[GDPR]] Article 35 specifies the conditions and requirements associated with Data Protection Impact Assessments. DPV-GDPR expands on the DPIA
concept defined as an Organisational Measure within DPV by considering a DPIA as consisting of the following iterative process, and providing statuses for documenting their progression and outputs:
- Identifying activities for which a DPIA is to be undertaken (represented using DPV and DPV-GDPR)
- Checking whether a DPIA is needed as per GDPR Art.35 and other jurisdictional requirements: the activitiy is [=DPIANecessityAssessment=] and its output is denoted using [=DPIANecessityStatus=]
- Conducting the DPIA to identify risks and impacts: the activity is [=DPIAProcedure=] and its output is denoted using [=DPIARiskStatus=]
- Determining the outcome based on risk mitigation: the activity is [=DPIAOutcome=] and its output is denoted using [=DPIAOutcomeStatus=]
- Determining whether processing should be permitted to continue or be carried out, with the outcome being denote using [=DPIAProcessingRecommendation=]
- Assessing whether processing is carried out in conformance with the DPIA, with the outcome being denoted using [=DPIAConformity=]
In addition to DPV's concepts for representing information about processing of personal data, DPV-GDPR also recommends using [[[DCT]]] concepts to represent relevant metadata, such as dates, identifiers, validity, etc.
The DPVCG is working on updating the [[[GUIDE-GDPR-DPIA]]] based on recent updates in DPV and DPV-GDPR. In addition to these, we are also working on providing concepts for expressing impacts and risk management within [[[RISK]]].
-
eu-gdpr:DPIAConformity: Conformity of a process with a DPIA
go to full definition
-
eu-gdpr:DPIAConformant: Expressing the specified process is conformant with a DPIA
go to full definition
-
eu-gdpr:DPIANonConformant: Expressing the specified process is not conformant with a DPIA
go to full definition
-
eu-gdpr:DPIANecessityAssessment: Process that determines whether a DPIA is necessary
go to full definition
-
eu-gdpr:DPIANecessityStatus: Status reflecting whether a DPIA is necessary
go to full definition
-
eu-gdpr:DPIAOutcome: Process representing determining outcome of a DPIA
go to full definition
-
eu-gdpr:DPIAOutcomeStatus: Status reflecting the outcomes of a DPIA
go to full definition
-
eu-gdpr:DPIAOutcomeDPAConsultation: DPIA outcome status indicating a DPA consultation is required
go to full definition
-
eu-gdpr:DPIAOutcomeHighResidualRisk: DPIA outcome status indicating high residual risk which are not acceptable for continuation
go to full definition
-
eu-gdpr:DPIAOutcomeRisksMitigated: DPIA outcome status indicating (all) risks have been mitigated
go to full definition
-
eu-gdpr:DPIAProcedure: Process representing carrying out a DPIA
go to full definition
-
eu-gdpr:DPIAProcessingRecommendation: Recommendation from the DPIA regarding processing
go to full definition
-
eu-gdpr:DPIARecommendsProcessingContinue: Recommendation from a DPIA that the processing may continue
go to full definition
-
eu-gdpr:DPIARecommendsProcessingNotContinue: Recommendation from a DPIA that the processing should not continue
go to full definition
-
eu-gdpr:DPIARiskStatus: Status reflecting the status of risk associated with a DPIA
go to full definition
Establishment and Authorities
The concepts in this section reflect the establishment of organisations in the Union and the association of Authorities
Establishment
-
eu-gdpr:Establishment: Establishment is a Legal Entity which implies the effective and real exercise of activities through stable arrangements (with a presumed parent or primary establishment)
go to full definition
-
eu-gdpr:MainEstablishment: A Main Establishment is the place of central administration in the Union unless the decisions on the purposes and means of the processing of personal data are taken in another establishment in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment
go to full definition
-
eu-gdpr:SingleEstablishment: A legal entity that is established in only one Member State
go to full definition
Authorities
-
eu-gdpr:ConcernedSupervisoryAuthority: Authority with other than lead supervisory authority who is involved in dealing with a cross-border data processing activity
go to full definition
-
eu-gdpr:LeadSupervisoryAuthority: Authority with the primary responsibility for dealing with a cross-border data processing activity
go to full definition
-
eu-gdpr:LocalSupervisoryAuthority: Authority associated with the main or local establishment of an organisation
go to full definition
Compliance
The concepts in this section reflect the status of processing operations being in compliance with GDPR, by extending the ComplianceStatus
from DPV for GDPR. It does not define the requirements for compliance itself.
-
eu-gdpr:GDPRLawfulness: Status or state associated with being lawful or legally compliant regarding GDPR
go to full definition
Vocabulary Index
Classes
Art 46(2-c) Standard Contractual Clauses (SCC) by EC
Art 46(2-d) Standard Contractual Clauses (SCC) by DPA
Art 49(1-g) public register
Term |
A49-1-g |
Prefix |
eu-gdpr |
Label |
Art 49(1-g) public register |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A49-1-g |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
dpv:DataTransferLegalBasis
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
The transfer is made from a register which according to Union or Member State law is intended to provide information to the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by Union or Member State law for consultation are fulfilled in the particular case. |
Usage Note |
Transfer from EU to a third country. Third country has not Adequacy Decision. Appropriate safeguards do not exist. |
Source |
GDPR Art.49-1g |
Date Created |
2020-11-04 |
Date Modified |
2021-09-08 |
Contributors |
Georg P Krog |
See More |
section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR
|
Art 49(2) legitimate interests
Term |
A49-2 |
Prefix |
eu-gdpr |
Label |
Art 49(2) legitimate interests |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A49-2 |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
dpv:DataTransferLegalBasis
→ dpv:LegalBasis
|
Broader/Parent types |
dpv:LegitimateInterest
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
The transfer is not repetetive, concerns only a limited number of data subjects, is necessary for the purposes of compelling legitimate interests pursued by controller which are not overridden by the interests or rights and freedoms of the data subject, and controller has assessed all the circumstances surrounding the data transfer and have on the basis of that assessment provided suitable safeguards with regard to the protection of personal data. |
Usage Note |
Transfer from EU to a third country. Third country has no Adequacy Decision. Appropriate safeguards do not exist and no other options apply. |
Source |
GDPR Art.49-2 |
Date Created |
2020-11-04 |
Date Modified |
2021-09-08 |
Contributors |
Georg P Krog |
See More |
section LEGAL-BASIS-DATA-TRANSFER in EU-GDPR
|
Art.6(1-a) consent
Term |
A6-1-a |
Prefix |
eu-gdpr |
Label |
Art.6(1-a) consent |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A6-1-a |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
dpv:ExpressedConsent
→ dpv:InformedConsent
→ dpv:Consent
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
Legal basis based on data subject's given consent to the processing of his or her personal data for one or more specific purposes |
Usage Note |
Consent can be explicit or non-explicit. To express these specifically, see the explicit and non-explicit variations provided for Art.6-1a. |
Source |
GDPR Art.6-1a |
Date Created |
2022-09-07 |
Date Modified |
2022-11-24 |
Contributors |
Harshvardhan J. Pandit |
has right |
A13 Right to be Informed
,
A14 Right to be Informed
,
A15 Right of Access
,
A16 Right to Rectification
,
A17 Right to Erasure
,
A18 Right to Restrict Processing
,
A20 Right to Data Portability
,
A22 Right to object to automated decision making
,
A7-3 Right to Withdraw Consent
,
A77 Right to Complaint
|
See More |
section LEGAL-BASIS in EU-GDPR
, section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
|
Art 6(1-a) explicit consent
Term |
A6-1-a-explicit-consent |
Prefix |
eu-gdpr |
Label |
Art 6(1-a) explicit consent |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A6-1-a-explicit-consent |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
eu-gdpr:A6-1-a
→ dpv:ExpressedConsent
→ dpv:InformedConsent
→ dpv:Consent
→ dpv:LegalBasis
|
Broader/Parent types |
dpv:ExplicitlyExpressedConsent
→ dpv:ExpressedConsent
→ dpv:InformedConsent
→ dpv:Consent
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
Legal basis based on data subject's given explicit consent to the processing of his or her personal data for one or more specific purposes |
Usage Note |
Valid consent in this case would have requirements for being 'explicit' in addition to requirements defined by A4-11. This is also mentioned in the Article 29 Working Party document "Guidelines on Consent under Regulation 2016/679 (wp259rev.01)" |
Source |
GDPR Art.6-1a |
Date Created |
2022-06-22 |
Date Modified |
2022-11-24 |
Contributors |
Eva Schlehahn, Bud Bruegger, Harshvardhan J. Pandit, Rigo Wenning |
has right |
A13 Right to be Informed
,
A14 Right to be Informed
,
A15 Right of Access
,
A16 Right to Rectification
,
A17 Right to Erasure
,
A18 Right to Restrict Processing
,
A20 Right to Data Portability
,
A22 Right to object to automated decision making
,
A7-3 Right to Withdraw Consent
,
A77 Right to Complaint
|
See More |
section LEGAL-BASIS in EU-GDPR
, section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
|
Art.6(1-a) regular consent
Term |
A6-1-a-non-explicit-consent |
Prefix |
eu-gdpr |
Label |
Art.6(1-a) regular consent |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A6-1-a-non-explicit-consent |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
eu-gdpr:A6-1-a
→ dpv:ExpressedConsent
→ dpv:InformedConsent
→ dpv:Consent
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
Legal basis based on data subject's given non-explicit express consent to the processing of his or her personal data for one or more specific purposes |
Usage Note |
Definition of consent: A data subject's unambigious/clear affirmative action that signifies an agreement to process their personal data (Rigo Wenning) . What is referred to as 'non-explicit consent' here is also termed as 'regular' consent in the Article 29 Working Party document "Guidelines on Consent under Regulation 2016/679 (wp259rev.01)". This is the legal basis that requires consent but not at the level of being 'explicit'. |
Source |
GDPR Art.6-1a |
Date Created |
2019-04-10 |
Date Modified |
2022-11-24 |
Contributors |
Eva Schlehahn, Bud Bruegger, Harshvardhan J. Pandit, Rigo Wenning |
has right |
A13 Right to be Informed
,
A14 Right to be Informed
,
A15 Right of Access
,
A16 Right to Rectification
,
A17 Right to Erasure
,
A18 Right to Restrict Processing
,
A20 Right to Data Portability
,
A22 Right to object to automated decision making
,
A7-3 Right to Withdraw Consent
,
A77 Right to Complaint
|
See More |
section LEGAL-BASIS in EU-GDPR
, section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
|
Art 6(1-b) contract
Term |
A6-1-b |
Prefix |
eu-gdpr |
Label |
Art 6(1-b) contract |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A6-1-b |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
dpv:Contract
→ dpv:LegalAgreement
→ dpv:LegalMeasure
→ dpv:TechnicalOrganisationalMeasure
|
Object of relation |
dpv:hasLegalMeasure,
dpv:hasTechnicalOrganisationalMeasure
|
Definition |
Legal basis based on performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract |
Source |
GDPR Art.6-1b |
Date Created |
2019-04-05 |
Date Modified |
2022-11-24 |
Contributors |
Eva Schlehahn, Bud Bruegger, Harshvardhan J. Pandit |
has right |
A13 Right to be Informed
,
A14 Right to be Informed
,
A15 Right of Access
,
A16 Right to Rectification
,
A17 Right to Erasure
,
A18 Right to Restrict Processing
,
A20 Right to Data Portability
,
A22 Right to object to automated decision making
,
A77 Right to Complaint
|
See More |
section LEGAL-BASIS in EU-GDPR
, section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
|
Art 6(1-b) enter into contract
Term |
A6-1-b-enter-into-contract |
Prefix |
eu-gdpr |
Label |
Art 6(1-b) enter into contract |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A6-1-b-enter-into-contract |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
eu-gdpr:A6-1-b
→ dpv:Contract
→ dpv:LegalAgreement
→ dpv:LegalMeasure
→ dpv:TechnicalOrganisationalMeasure
|
Broader/Parent types |
dpv:EnterIntoContract
→ dpv:Contract
→ dpv:LegalAgreement
→ dpv:LegalMeasure
→ dpv:TechnicalOrganisationalMeasure
|
Object of relation |
dpv:hasLegalMeasure,
dpv:hasTechnicalOrganisationalMeasure
|
Definition |
Legal basis based on taking steps at the request of the data subject prior to entering into a contract |
Source |
GDPR Art.6-1b |
Date Created |
2022-11-24 |
Date Modified |
2022-11-24 |
Contributors |
Georg P Krog |
has right |
A13 Right to be Informed
,
A14 Right to be Informed
,
A15 Right of Access
,
A16 Right to Rectification
,
A17 Right to Erasure
,
A18 Right to Restrict Processing
,
A20 Right to Data Portability
,
A22 Right to object to automated decision making
,
A77 Right to Complaint
|
See More |
section LEGAL-BASIS in EU-GDPR
, section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
|
Art 6(1-d) protect vital interests
Term |
A6-1-d |
Prefix |
eu-gdpr |
Label |
Art 6(1-d) protect vital interests |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A6-1-d |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
dpv:VitalInterest
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
Legal basis based on protecting the vital interests of the data subject or of another natural person |
Source |
GDPR Art.6-1d |
Date Created |
2019-04-05 |
Date Modified |
2022-11-24 |
Contributors |
Eva Schlehahn, Bud Bruegger, Harshvardhan J. Pandit |
has right |
A13 Right to be Informed
,
A14 Right to be Informed
,
A15 Right of Access
,
A16 Right to Rectification
,
A17 Right to Erasure
,
A18 Right to Restrict Processing
,
A22 Right to object to automated decision making
,
A77 Right to Complaint
|
See More |
section LEGAL-BASIS in EU-GDPR
, section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
|
Art 6(1-d) protect vital interests of data subject
Term |
A6-1-d-data-subject |
Prefix |
eu-gdpr |
Label |
Art 6(1-d) protect vital interests of data subject |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A6-1-d-data-subject |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
eu-gdpr:A6-1-d
→ dpv:VitalInterest
→ dpv:LegalBasis
|
Broader/Parent types |
dpv:VitalInterestOfDataSubject
→ dpv:VitalInterestOfNaturalPerson
→ dpv:VitalInterest
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
Legal basis based on protecting the vital interests of the data subject |
Source |
GDPR Art.6-1d |
Date Created |
2022-11-24 |
Date Modified |
2022-11-24 |
Contributors |
Georg P Krog |
has right |
A13 Right to be Informed
,
A14 Right to be Informed
,
A15 Right of Access
,
A16 Right to Rectification
,
A17 Right to Erasure
,
A18 Right to Restrict Processing
,
A22 Right to object to automated decision making
,
A77 Right to Complaint
|
See More |
section LEGAL-BASIS in EU-GDPR
, section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
|
Art 6(1-e) public interest or official authority
Term |
A6-1-e |
Prefix |
eu-gdpr |
Label |
Art 6(1-e) public interest or official authority |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A6-1-e |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
dpv:OfficialAuthorityOfController
→ dpv:LegalBasis
|
Broader/Parent types |
dpv:PublicInterest
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
Legal basis based on performance of a task carried out in the public interest or in the exercise of official authority vested in the controller |
Source |
GDPR Art.6-1e |
Date Created |
2019-04-05 |
Date Modified |
2022-11-24 |
Contributors |
Eva Schlehahn, Bud Bruegger, Harshvardhan J. Pandit |
has right |
A13 Right to be Informed
,
A14 Right to be Informed
,
A15 Right of Access
,
A16 Right to Rectification
,
A18 Right to Restrict Processing
,
A21 Right to object
,
A22 Right to object to automated decision making
,
A77 Right to Complaint
|
See More |
section LEGAL-BASIS in EU-GDPR
, section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
|
Art 6(1-e) official authority
Term |
A6-1-e-official-authority |
Prefix |
eu-gdpr |
Label |
Art 6(1-e) official authority |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A6-1-e-official-authority |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
eu-gdpr:A6-1-e
→ dpv:OfficialAuthorityOfController
→ dpv:LegalBasis
|
Broader/Parent types |
eu-gdpr:A6-1-e
→ dpv:PublicInterest
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
Legal basis based on the exercise of official authority vested in the controller |
Source |
GDPR Art.6-1e |
Date Created |
2022-08-24 |
Date Modified |
2022-11-24 |
Contributors |
Harshvardhan J. Pandit |
has right |
A13 Right to be Informed
,
A14 Right to be Informed
,
A15 Right of Access
,
A16 Right to Rectification
,
A18 Right to Restrict Processing
,
A21 Right to object
,
A22 Right to object to automated decision making
,
A77 Right to Complaint
|
See More |
section LEGAL-BASIS in EU-GDPR
, section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
|
Art 6(1-e) public interest
Term |
A6-1-e-public-interest |
Prefix |
eu-gdpr |
Label |
Art 6(1-e) public interest |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A6-1-e-public-interest |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
eu-gdpr:A6-1-e
→ dpv:OfficialAuthorityOfController
→ dpv:LegalBasis
|
Broader/Parent types |
eu-gdpr:A6-1-e
→ dpv:PublicInterest
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
Legal basis based on performance of a task carried out in the public interest |
Source |
GDPR Art.6-1e |
Date Created |
2022-08-24 |
Date Modified |
2022-11-24 |
Contributors |
Harshvardhan J. Pandit |
has right |
A13 Right to be Informed
,
A14 Right to be Informed
,
A15 Right of Access
,
A16 Right to Rectification
,
A18 Right to Restrict Processing
,
A21 Right to object
,
A22 Right to object to automated decision making
,
A77 Right to Complaint
|
See More |
section LEGAL-BASIS in EU-GDPR
, section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
|
Art 6(1-f) legitimate interest
Term |
A6-1-f |
Prefix |
eu-gdpr |
Label |
Art 6(1-f) legitimate interest |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A6-1-f |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
dpv:LegitimateInterest
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
Legal basis based on the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child |
Source |
GDPR Art.6-1f |
Date Created |
2019-04-05 |
Date Modified |
2022-11-24 |
Contributors |
Eva Schlehahn, Bud Bruegger, Harshvardhan J. Pandit |
has right |
A13 Right to be Informed
,
A14 Right to be Informed
,
A15 Right of Access
,
A16 Right to Rectification
,
A17 Right to Erasure
,
A18 Right to Restrict Processing
,
A21 Right to object
,
A22 Right to object to automated decision making
,
A77 Right to Complaint
|
See More |
section LEGAL-BASIS in EU-GDPR
, section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
|
Art 6(1-f) legitimate interest of controller
Term |
A6-1-f-controller |
Prefix |
eu-gdpr |
Label |
Art 6(1-f) legitimate interest of controller |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A6-1-f-controller |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
eu-gdpr:A6-1-f
→ dpv:LegitimateInterest
→ dpv:LegalBasis
|
Broader/Parent types |
dpv:LegitimateInterestOfController
→ dpv:LegitimateInterest
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
Legal basis based on the purposes of the legitimate interests pursued by the controller, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child |
Source |
GDPR Art.6-1f |
Date Created |
2022-11-24 |
Date Modified |
2022-11-24 |
Contributors |
Georg P Krog |
has right |
A13 Right to be Informed
,
A14 Right to be Informed
,
A15 Right of Access
,
A16 Right to Rectification
,
A17 Right to Erasure
,
A18 Right to Restrict Processing
,
A21 Right to object
,
A22 Right to object to automated decision making
,
A77 Right to Complaint
|
See More |
section LEGAL-BASIS in EU-GDPR
, section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
|
Art 6(1-f) legitimate interest of third party
Term |
A6-1-f-third-party |
Prefix |
eu-gdpr |
Label |
Art 6(1-f) legitimate interest of third party |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A6-1-f-third-party |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
eu-gdpr:A6-1-f
→ dpv:LegitimateInterest
→ dpv:LegalBasis
|
Broader/Parent types |
dpv:LegitimateInterestOfThirdParty
→ dpv:LegitimateInterest
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
Legal basis based on the purposes of the legitimate interests pursued by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child |
Source |
GDPR Art.6-1f |
Date Created |
2022-11-24 |
Date Modified |
2022-11-24 |
Contributors |
Georg P Krog |
has right |
A13 Right to be Informed
,
A14 Right to be Informed
,
A15 Right of Access
,
A16 Right to Rectification
,
A17 Right to Erasure
,
A18 Right to Restrict Processing
,
A21 Right to object
,
A22 Right to object to automated decision making
,
A77 Right to Complaint
|
See More |
section LEGAL-BASIS in EU-GDPR
, section LEGAL-BASIS-RIGHTS-MAPPING in EU-GDPR
|
Art 9(2-d) legitimate activities
Term |
A9-2-d |
Prefix |
eu-gdpr |
Label |
Art 9(2-d) legitimate activities |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A9-2-d |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
dpv:LegitimateInterest
→ dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects; |
Source |
GDPR Art.9-2d |
Date Created |
2019-04-05 |
Date Modified |
2021-09-08 |
Contributors |
Eva Schlehahn, Bud Bruegger |
See More |
section LEGAL-BASIS-SPECIAL in EU-GDPR
|
Art 9(2-h) health & medicine
Term |
A9-2-h |
Prefix |
eu-gdpr |
Label |
Art 9(2-h) health & medicine |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#A9-2-h |
Type |
rdfs:Class, skos:Concept, dpv:LegalBasis |
Broader/Parent types |
dpv:LegalBasis
|
Object of relation |
dpv:hasLegalBasis
|
Definition |
preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3 |
Source |
GDPR Art.9-2h |
Date Created |
2019-04-05 |
Contributors |
Eva Schlehahn, Bud Bruegger |
See More |
section LEGAL-BASIS-SPECIAL in EU-GDPR
|
AdHoc Contractual Clauses
Codes of Conduct for Data Transfers
Concerned Supervisory Authority
Term |
ConcernedSupervisoryAuthority |
Prefix |
eu-gdpr |
Label |
Concerned Supervisory Authority |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#ConcernedSupervisoryAuthority |
Type |
rdfs:Class, skos:Concept |
Broader/Parent types |
dpv:DataProtectionAuthority
→ dpv:Authority
→ dpv:GovernmentalOrganisation
→ dpv:Organisation
→ dpv:LegalEntity
→ dpv:Entity
|
Object of relation |
dpv:hasAuthority,
dpv:hasEntity,
dpv:hasResponsibleEntity,
dpv:hasSubsidiary,
dpv:isImplementedByEntity,
dpv:isIndicatedBy,
dpv:isRepresentativeFor,
dpv:isSubsidiaryOf,
eu-gdpr:hasConcernedSA,
eu-gdpr:hasEstablishment,
eu-gdpr:hasLeadSA,
eu-gdpr:hasLocalSA,
eu-gdpr:hasMainEstablishment,
eu-gdpr:isMainEstablishmentFor
|
Definition |
Authority with other than lead supervisory authority who is involved in dealing with a cross-border data processing activity |
Source |
GDPR Art.56 |
Contributors |
Harshvardhan J. Pandit, Georg P Krog |
See More |
section ENTITIES in EU-GDPR
|
DPIA Necessity Assessment
Establishment
Term |
Establishment |
Prefix |
eu-gdpr |
Label |
Establishment |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#Establishment |
Type |
rdfs:Class, skos:Concept |
Broader/Parent types |
dpv:Organisation
→ dpv:LegalEntity
→ dpv:Entity
|
Object of relation |
dpv:hasEntity,
dpv:hasResponsibleEntity,
dpv:hasSubsidiary,
dpv:isImplementedByEntity,
dpv:isIndicatedBy,
dpv:isRepresentativeFor,
dpv:isSubsidiaryOf,
eu-gdpr:hasEstablishment,
eu-gdpr:hasMainEstablishment,
eu-gdpr:isMainEstablishmentFor
|
Definition |
Establishment is a Legal Entity which implies the effective and real exercise of activities through stable arrangements (with a presumed parent or primary establishment) |
Source |
GDPR Recital 22 |
Contributors |
Harshvardhan J. Pandit, Georg P Krog |
See More |
section ENTITIES in EU-GDPR
|
Lead Supervisory Authority
Term |
LeadSupervisoryAuthority |
Prefix |
eu-gdpr |
Label |
Lead Supervisory Authority |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#LeadSupervisoryAuthority |
Type |
rdfs:Class, skos:Concept |
Broader/Parent types |
dpv:DataProtectionAuthority
→ dpv:Authority
→ dpv:GovernmentalOrganisation
→ dpv:Organisation
→ dpv:LegalEntity
→ dpv:Entity
|
Object of relation |
dpv:hasAuthority,
dpv:hasEntity,
dpv:hasResponsibleEntity,
dpv:hasSubsidiary,
dpv:isImplementedByEntity,
dpv:isIndicatedBy,
dpv:isRepresentativeFor,
dpv:isSubsidiaryOf,
eu-gdpr:hasConcernedSA,
eu-gdpr:hasEstablishment,
eu-gdpr:hasLeadSA,
eu-gdpr:hasLocalSA,
eu-gdpr:hasMainEstablishment,
eu-gdpr:isMainEstablishmentFor
|
Definition |
Authority with the primary responsibility for dealing with a cross-border data processing activity |
Source |
GDPR Art.56 |
Contributors |
Harshvardhan J. Pandit, Georg P Krog |
See More |
section ENTITIES in EU-GDPR
|
Local Supervisory Authority
Term |
LocalSupervisoryAuthority |
Prefix |
eu-gdpr |
Label |
Local Supervisory Authority |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#LocalSupervisoryAuthority |
Type |
rdfs:Class, skos:Concept |
Broader/Parent types |
dpv:DataProtectionAuthority
→ dpv:Authority
→ dpv:GovernmentalOrganisation
→ dpv:Organisation
→ dpv:LegalEntity
→ dpv:Entity
|
Object of relation |
dpv:hasAuthority,
dpv:hasEntity,
dpv:hasResponsibleEntity,
dpv:hasSubsidiary,
dpv:isImplementedByEntity,
dpv:isIndicatedBy,
dpv:isRepresentativeFor,
dpv:isSubsidiaryOf,
eu-gdpr:hasConcernedSA,
eu-gdpr:hasEstablishment,
eu-gdpr:hasLeadSA,
eu-gdpr:hasLocalSA,
eu-gdpr:hasMainEstablishment,
eu-gdpr:isMainEstablishmentFor
|
Definition |
Authority associated with the main or local establishment of an organisation |
Source |
GDPR Art.56 |
Contributors |
Harshvardhan J. Pandit, Georg P Krog |
See More |
section ENTITIES in EU-GDPR
|
Main Establishment
Term |
MainEstablishment |
Prefix |
eu-gdpr |
Label |
Main Establishment |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#MainEstablishment |
Type |
rdfs:Class, skos:Concept |
Broader/Parent types |
eu-gdpr:Establishment
→ dpv:Organisation
→ dpv:LegalEntity
→ dpv:Entity
|
Object of relation |
dpv:hasEntity,
dpv:hasResponsibleEntity,
dpv:hasSubsidiary,
dpv:isImplementedByEntity,
dpv:isIndicatedBy,
dpv:isRepresentativeFor,
dpv:isSubsidiaryOf,
eu-gdpr:hasEstablishment,
eu-gdpr:hasMainEstablishment,
eu-gdpr:isMainEstablishmentFor
|
Definition |
A Main Establishment is the place of central administration in the Union unless the decisions on the purposes and means of the processing of personal data are taken in another establishment in the Union and the latter establishment has the power to have such decisions implemented, in which case the establishment having taken such decisions is to be considered to be the main establishment |
Source |
GDPR Art.4-16 |
Contributors |
Harshvardhan J. Pandit, Georg P Krog |
See More |
section ENTITIES in EU-GDPR
|
SCCs adopted by Commission
Single Establishment
Term |
SingleEstablishment |
Prefix |
eu-gdpr |
Label |
Single Establishment |
IRI |
https://w3id.org/dpv/legal/eu/gdpr#SingleEstablishment |
Type |
rdfs:Class, skos:Concept |
Broader/Parent types |
eu-gdpr:Establishment
→ dpv:Organisation
→ dpv:LegalEntity
→ dpv:Entity
|
Object of relation |
dpv:hasEntity,
dpv:hasResponsibleEntity,
dpv:hasSubsidiary,
dpv:isImplementedByEntity,
dpv:isIndicatedBy,
dpv:isRepresentativeFor,
dpv:isSubsidiaryOf,
eu-gdpr:hasEstablishment,
eu-gdpr:hasMainEstablishment,
eu-gdpr:isMainEstablishmentFor
|
Definition |
A legal entity that is established in only one Member State |
Source |
|
Contributors |
Harshvardhan J. Pandit, Georg P Krog |
See More |
section ENTITIES in EU-GDPR
|
DPV uses the following terms from [[RDF]] and [[RDFS]] with their defined meanings:
- rdf:type to denote a concept is an instance of another concept
- rdfs:Class to denote a concept is a Class or a category
- rdfs:subClassOf to specify the concept is a subclass (subtype, sub-category, subset) of another concept
- rdf:Property to denote a concept is a property or a relation
The following external concepts are re-used within DPV:
External
dcat:Resource
Term |
dcat:Resource |
Prefix |
dcat |
Label |
dcat:Resource |
IRI |
http://www.w3.org/ns/dcat#Resource |
Type |
rdfs:Class, rdfs:Class, skos:Concept, skos:Concept |
Usage Note |
A dataset or catalogue or any other resource provided in fulfilment of a Right Exercise, such as for GDPR's Art.15 regarding Right of Access or Art.20 regarding Right to Data Portability. The associated properties from DCAT and DCMI DCT vocabularies provide convenient means to express metadata such as URL for accessing the data, its temporal validity and acecss restrictions, and specific datasets present along with their schemas. |
Usage Note |
A dataset, data service, or any other resource associated with Right Exercise - such as for providing a copy of data |
Date Created |
2022-11-02 |
Contributors |
Beatriz Esteves, Georg Krog, Harshvardhan J. Pandit |
See More |
section RIGHTS in DPV
|
dct:coverage
Term |
dct:coverage |
Prefix |
dct |
Label |
dct:coverage |
IRI |
http://purl.org/dc/terms/coverage |
Type |
rdf:Property, skos:Concept |
Usage Note |
For expressing coverage (e.g. jurisdictions, products, services) of the DPIA document or process. For temporal coverage, please see dct:temporal. The coverage can be expressed using dpv:PersonalDataHandling, or using another concept, or even be a link or reference to a document, or a textual description |
See More |
|
dct:identifier
Term |
dct:identifier |
Prefix |
dct |
Label |
dct:identifier |
IRI |
http://purl.org/dc/terms/identifier |
Type |
rdf:Property, skos:Concept |
Usage Note |
Indicates an identifier associated with the DPIA documentation or process. Identifiers may be reused from existing systems, or created for the purposes of record management |
See More |
section DPIA in EU-GDPR
|
dct:subject
Term |
dct:subject |
Prefix |
dct |
Label |
dct:subject |
IRI |
http://purl.org/dc/terms/subject |
Type |
rdf:Property, skos:Concept |
Usage Note |
For expressing the subject of the DPIA document or process, where subject refers to the point of focus. For expressing what is affected or included within the DPIA, please see dct:coverage |
See More |
|
dct:valid
Term |
dct:valid |
Prefix |
dct |
Label |
dct:valid |
IRI |
http://purl.org/dc/terms/valid |
Type |
rdf:Property, rdf:Property, skos:Concept, skos:Concept |
Usage Note |
For expressing the temporal date or range of validity of the DPIA document or process. This refers to the time period for which the DPIA is considered valid, and does not refer to the temporal period associated with processing (see dct:temporal instead). The assumption is that after this period, the DPIA should be re-evaluated or some process should be triggered |
Usage Note |
Specfiying the temporal validity of an activity associated with Right Exercise. For example, limits on duration for providing or accessing provided information |
See More |
section RIGHTS in DPV
|
has status
Term |
dpv:hasStatus |
Prefix |
dpv |
Label |
has status |
IRI |
https://w3id.org/dpv#hasStatus |
Type |
rdf:Property, rdf:Property, skos:Concept, skos:Concept |
Domain includes |
dpv:RightExerciseActivity
|
Range includes |
dpv:Status
|
Definition |
Indicates the status of specified concept |
Usage Note |
For expressing the status of the DPIA document or process. Here different statuses are used to convey different contextual meanings. For example, dpv:ActivityStatus expresses the state of the activity in terms of whether it is ongoing or completed, and dpv:AuditStatus expresses the state of the audit process in terms of being required, approved, or rejected. These are applied over each step of the DPIA i.e. DPIANecessityAssessment, DPIAProcedure, and DPIAOutcome. Similarly, a process also uses hasStatus with DPIAConformity to indicate adherence to the results of the DPIA process. |
Usage Note |
Indicates the status of a Right Exercise Activity |
Date Created |
2022-05-18 |
Contributors |
Harshvardhan J. Pandit |
See More |
section CONTEXT-STATUS in DPV
, section RIGHTS in DPV
|
Funding Acknowledgements
Funding Sponsors
The DPVCG and DPV were initiated as part of the SPECIAL H2020 Project, which received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 731601. The SPECIAL project ran over a 3-year period from 2017 to 2019.
Harshvardhan J. Pandit was funded by the Irish Research Council Government of Ireland Postdoctoral Fellowship Grant#GOIPD/2020/790 for working within the DPVCG and contributing to the DPV. The fellowship lasted from 2020 to 2022.
Funding Acknowledgements for Contributors
The contributions of Piero Bonatti and Luigi Sauro to the DPVCG have been funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement N. 731601 (project SPECIAL) until 2019, and under grant agreement N. 883464 (project TRAPEZE) from 2020 until 2023.
The contributions of Beatriz Esteves have received funding through the PROTECT ITN Project from the European Union’s Horizon 2020 research and innovation programme under the Marie Skłodowska-Curie grant agreement No 813497.
The contributions of Harshvardhan J. Pandit have received funding from the ADAPT SFI Centre for Digital Media Technology is funded by Science Foundation Ireland through the SFI Research Centres Programme and is co-funded under the European Regional Development Fund (ERDF) through Grant#13/RC/2106 (2018 to 2020) and Grant#13/RC/2106_P2 (2021 onwards)