- From: Harshvardhan J. Pandit <me@harshp.com>
- Date: Wed, 20 Apr 2022 09:40:27 +0100
- To: Jan Lindquist <jan@linaltec.com>, public-dpvcg@w3.org
Hi.
IMHO - no, a ROPA (Record) is not an agreement. It is the organisations
"Register of Processing Activities", as per GDPR Art.30. You can have a
ROPA for each Processor/Controller/Third-Party, but it will not be the
agreement itself.
That said, I think the ROPA data can be part of an agreement e.g.
ex:XYZ a dpv:DataProcessingAgreement ;
dpv:hasPersonalDataHandling ex:ROPARecord1, ex:ROPARecord2, ...
that says: this agreement is between these parties (link to entities)
for theses activities (reference to ROPA data). But to be clear, I don't
think the ROPA itself should be used as the agreement.
Regards,
Harsh
On 20/04/2022 09:21, Jan Lindquist wrote:
> Hi,
>
> I am starting a separate thread to not disturb the good discussion over
> ROPA and DCAP-AP. When two organizations set up an agreement to share
> data between them (third party agreement) there is a field in ROPARecord
> for capturing those agreements under Data Processing Contract. Many of
> the fields in ROPARecord are similar to what would be in that third
> party agreement. Would there be a reuse of the same record to create the
> third party agreement? Can ROPARecord be the third party agreement?
>
> BR,
> Jan
--
---
Harshvardhan J. Pandit, Ph.D
Research Fellow
ADAPT Centre, Trinity College Dublin
https://harshp.com/
Received on Wednesday, 20 April 2022 08:40:40 UTC