Re: Working paper - Using the DPV to map the GDPR Register of Processing Activities from Harshvardhan J. Pandit on 2020-09-21 (public-dpvcg@w3.org from September 2020)

From: Harshvardhan J. Pandit <me@harshp.com>
Date: Mon, 21 Sep 2020 20:59:04 +0100
To: public-dpvcg@w3.org
Cc: Paul Ryan <paul.ryan76@mail.dcu.ie>, Rob Brennan <rob.brennan@dcu.ie>
Message-ID: <c56c84ad-c387-bee3-0e2e-7326525f5e32@harshp.com>

Hello.
We propose the following concepts regarding GDPR's ROPA for inclusion in 
the DPV - this follows Paul's previous email on the same topic.

The concepts are in RDF/Turtle format (see file dpv-ropa.ttl) and are 
mapped to relevant concepts where possible.
Additional concepts which need further discussion are presented in the 
file discussion.md

https://github.com/coolharsh55/dpv-ropa

For enquiries and comments regarding the concepts, please contact Paul 
(CC'd) or Rob (CC'd) or myself.

Regards,
Harsh

On 12/08/2020 17:14, Paul Ryan wrote:
> Hello All
> 
> My Name is Paul Ryan. I am  aPhD student in Dublin City University. I am 
> new to this group . I wanted to make you all aware of some work that 
> myself, Harshvardhan J Pandit and Rob Brennan are doing at the moment. 
> We used the DPV to map a number of GDPR concepts that are contained 
> within six regulator provided  Register of Processing Activities (ROPA) 
>   templates. The findings from our research are quite interesting in 
> that we have identified some areas where the DPV could be extended to 
> fully map the ROPA.  An abstract and a link to the working paper are 
> provided below:
> 
> 
>   Towards a Semantic Model of the GDPR Register of Processing Activities
> 
> Paul Ryan 
> <https://arxiv.org/search/cs?searchtype=author&query=Ryan%2C+P>, 
> Harshvardhan J. Pandit 
> <https://arxiv.org/search/cs?searchtype=author&query=Pandit%2C+H+J>, Rob 
> Brennan <https://arxiv.org/search/cs?searchtype=author&query=Brennan%2C+R>
> 
>     A core requirement for GDPR compliance is the maintenance of a
>     register of processing activities (ROPA). Our analysis of six ROPA
>     templates from EU data protection regulators shows the scope and
>     granularity of a ROPA is subject to widely varying guidance in
>     different jurisdictions. We present a consolidated data model based
>     on common concepts and relationships across analysed templates.. We
>     then analyse the extent of using the Data Privacy Vocabulary - a
>     vocabulary specification for GDPR. We show that the DPV currently
>     does not provide sufficient concepts to represent the ROPA data
>     model and propose an extension to fill this gap. This will enable
>     creation of a pan-EU information management framework for
>     interoperability between organisations and regulators for GDPR
>     compliance.
> 
> Link to our working paper <https://arxiv.org/abs/2008.00877>
> 
> We hope that you find this of interest, and I welcome any feedback on 
> our work
> 
> Thanks
> 
> Paul
> 
> /
> /
> 
> *Séanadh Ríomhphoist/*
> 
> //
> 
> *Email Disclaimer*
> 
> /
> 
> /
> 
> /
> 
> Tá an ríomhphost seo agus aon chomhad a sheoltar leis faoi rún agus is 
> lena úsáid ag an seolaí agus sin amháin é. Is féidir tuilleadh a léamh 
> anseo. 
> <https://www4.dcu.ie/iss/seanadh-riomhphoist.shtml><https://www4.dcu.ie/iss/seanadh-riomhphoist.shtml>
> 
> /
> 
> /
> 
> /This e-mail and any files transmitted with it are confidential and are 
> intended solely for use by the addressee. Read more here. 
> <https://www4.dcu.ie/iss/email-disclaimer.shtml> /
> 
> ///
> 

-- 
---
Harshvardhan Pandit, Ph.D
Researcher at ADAPT Centre, Trinity College Dublin
https://harshp.com/research/

Received on Monday, 21 September 2020 19:59:20 UTC