- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Wed, 20 Apr 2022 09:40:27 +0100
- To: Jan Lindquist <jan@linaltec.com>, public-dpvcg@w3.org
Hi. IMHO - no, a ROPA (Record) is not an agreement. It is the organisations "Register of Processing Activities", as per GDPR Art.30. You can have a ROPA for each Processor/Controller/Third-Party, but it will not be the agreement itself. That said, I think the ROPA data can be part of an agreement e.g. ex:XYZ a dpv:DataProcessingAgreement ; dpv:hasPersonalDataHandling ex:ROPARecord1, ex:ROPARecord2, ... that says: this agreement is between these parties (link to entities) for theses activities (reference to ROPA data). But to be clear, I don't think the ROPA itself should be used as the agreement. Regards, Harsh On 20/04/2022 09:21, Jan Lindquist wrote: > Hi, > > I am starting a separate thread to not disturb the good discussion over > ROPA and DCAP-AP. When two organizations set up an agreement to share > data between them (third party agreement) there is a field in ROPARecord > for capturing those agreements under Data Processing Contract. Many of > the fields in ROPARecord are similar to what would be in that third > party agreement. Would there be a reuse of the same record to create the > third party agreement? Can ROPARecord be the third party agreement? > > BR, > Jan -- --- Harshvardhan J. Pandit, Ph.D Research Fellow ADAPT Centre, Trinity College Dublin https://harshp.com/
Received on Wednesday, 20 April 2022 08:40:40 UTC