dc.contributor.author | Pandit, Harshvardhan | en |
dc.contributor.author | Brennan, Rob | en |
dc.date.accessioned | 2022-05-11T08:02:30Z | |
dc.date.available | 2022-05-11T08:02:30Z | |
dc.date.issued | 2022 | en |
dc.date.submitted | 2022 | en |
dc.identifier.citation | Paul Ryan, Rob Brennan, Harshvardhan J. Pandit, DPCat: Specification for an Interoperable and Machine-Readable Data Processing Catalogue Based on GDPR, Information, 13, 5, 2022 | en |
dc.identifier.other | Y | en |
dc.description | PUBLISHED | en |
dc.description.abstract | The GDPR requires Data Controllers and Data Protection Officers (DPO) to maintain a
Register of Processing Activities (ROPA) as part of overseeing the organisation’s compliance processes.
The ROPA must include information from heterogeneous sources such as (internal) departments with
varying IT systems and (external) data processors. Current practices use spreadsheets or proprietary
systems that lack machine-readability and interoperability, presenting barriers to automation. We
propose the Data Processing Catalogue (DPCat) for the representation, collection and transfer of
ROPA information, as catalogues in a machine-readable and interoperable manner. DPCat is based
on the Data Catalog Vocabulary (DCAT) and its extension DCAT Application Profile for data portals
in Europe (DCAT-AP), and the Data Privacy Vocabulary (DPV). It represents a comprehensive
semantic model developed from GDPR’s Article and an analysis of the 17 ROPA templates from
EU Data Protection Authorities (DPA). To demonstrate the practicality and feasibility of DPCat,
we present the European Data Protection Supervisor’s (EDPS) ROPA documents using DPCat,
verify them with SHACL to ensure the correctness of information based on legal and contextual
requirements, and produce reports and ROPA documents based on DPA templates using SPARQL.
DPCat supports a data governance process for data processing compliance to harmonise inputs from
heterogeneous sources to produce dynamic documentation that can accommodate differences in
regulatory approaches across DPAs and ease investigative burdens toward efficient enforcement. | en |
dc.language.iso | en | en |
dc.relation.ispartofseries | Information | en |
dc.relation.ispartofseries | 13 | en |
dc.relation.ispartofseries | 5 | en |
dc.rights | Y | en |
dc.subject | GDPR | en |
dc.subject | Data governance | en |
dc.subject | Semantic-web | en |
dc.title | DPCat: Specification for an Interoperable and Machine-Readable Data Processing Catalogue Based on GDPR | en |
dc.type | Journal Article | en |
dc.type.supercollection | scholarly_publications | en |
dc.type.supercollection | refereed_publications | en |
dc.identifier.peoplefinderurl | http://people.tcd.ie/pandithj | en |
dc.identifier.peoplefinderurl | http://people.tcd.ie/rbrenna | en |
dc.identifier.rssinternalid | 242893 | en |
dc.identifier.doi | http://dx.doi.org/10.3390/info13050244 | en |
dc.identifier.doi | http://dx.doi.org/10.5281/zenodo.6448787 | en |
dc.rights.ecaccessrights | openAccess | |
dc.subject.TCDTag | DCAT | en |
dc.subject.TCDTag | GDPR | en |
dc.subject.TCDTag | RDF | en |
dc.subject.TCDTag | ROPA | en |
dc.subject.TCDTag | SEMANTIC WEB | en |
dc.identifier.rssuri | https://harshp.com/research/publications/052-DPCat-ROPA-spec | en |
dc.identifier.rssuri | https://w3id.org/dpcat | en |
dc.contributor.sponsor | Irish Research Council (IRC) | en |
dc.contributor.sponsorGrantNumber | GOIPD/2020/790 | en |
dc.contributor.sponsor | Science Foundation Ireland (SFI) | en |
dc.contributor.sponsorGrantNumber | 13/RC/2106_P2 | en |
dc.identifier.uri | http://hdl.handle.net/2262/98569 | |