The GDPRtEXT ontology aims to provide a way to refer and use concepts defined by the General Data Protection Regulation (GDPR). It does so by exposing the text of the GDPR as a linked data resource using the European Legislation Identified (ELI) ontology. SKOS is then used to define concepts defined / specified / used by the GDPR.
The process provides each article or point within the GDPR with a unique ID (also it's linked-data URI) that can be used to refer to it. This is then used to relate each article with the concepts (defined by SKOS) that are defined or mentioned within it or are related to it.
The ELI ontology provides a way to express the individual legislative
points using eli:LegalResourceSubdivision
which is used to defined the
chapters,
sections,
articles,
points, and
subpoints within the GDPR.
GDPR itself is a represented using all:LegalResource
with various
properties connecting the related resources.
Using these concepts, the GDPR text is given unique identifiers, and then related
to the concepts it contains using skos:Concept
.
By defining GDPR text as a linked data resource (and using semantic web vocabularies to do so),
it is possible to create resources (which can be defined separately or independent of each other)
that annotate or refer to the text within the GDPR. For example, a document that refers to
specific rights within the GDPR can be created as a table listing the specific articles or points
of relevance using their IRI in the GDPRtEXT resource. skos:Concept
classes can be further
used to annotate these articles and other documentation pertaining to GDPR.
Using the terms defined within the ontology for referring to specific subdivisions
within the GDPR, an RDF dataset was created from the GDPR text by assigning
each subdivision an unique id (through the RDF URI).
The GDPR dataset is available as a
DCAT distribution at
https://w3id.org/GDPRtEXT/distributions (namespace gdprdist
)
with the following datasets -
gdprdist:canonical_dataset
gdprdist:textid_dataset
gdprdist:annotated_dataset
bibo | <http://purl.org/ontology/bibo/> |
dc | <http://purl.org/dc/elements/1.1/> |
eli | <http://data.europa.eu/eli/ontology#> |
eurlex | <http://eur_lex.europa.eu/legal_content/EN/ALL/> |
gdpr | <https://w3id.org/GDPRtEXT/gdpr#> |
gdprov | <https://w3id.org/GDPRov#> |
gdprtext | <https://w3id.org/GDPRtEXT#> |
owl | <http://www.w3.org/2002/07/owl#> |
rdf | <http://www.w3.org/1999/02/22-rdf-syntax-ns#> |
rdfs | <http://www.w3.org/2000/01/rdf-schema#> |
skos | <http://www.w3.org/2004/02/skos/core#> |
status | <http://purl.org/ontology/bibo/status/> |
terms | <http://purl.org/dc/terms/> |
vaem | <http://www.linkedmodel.org/schema/vaem#> |
vann | <http://purl.org/vocab/vann/> |
xml | <https://w3.org/2001/XMLSchema#> |
xsd | <http://www.w3.org/2001/XMLSchema#> |
GDPRtEXT uses the ELI ontology to define various sections within the GDPR such
as Chapter, Section, Article, Point, and SubPoint. These are defined using
eli:LegalResourceSubdivision
. The connection between these subdivisions is
defined using properties extended from eli:has_part
and eli:is_part_of
.
owl:Class rdf:about="https://w3id.org/GDPRtEXT#Article">
<rdfs:subClassOf rdf:resource="http://data.europa.eu/eli/ontology#LegalResourceSubdivision"/>
<rdfs:comment rdf:datatype="http://www.w3.org/2001/XMLSchema#string">Article in GDPR text</rdfs:comment>
<rdfs:isDefinedBy rdf:resource="http://eur_lex.europa.eu/legal_content/EN/ALL/?uri=CELEX:32016R0679"/>
<rdfs:label rdf:datatype="http://www.w3.org/2001/XMLSchema#string">Article</rdfs:label>
<skos:example>gdpr:article10 a eli:LegalResourceSubdivision,
GDPRtEXT:Article ;
eli:is_part_of gdpr:GDPR,
gdpr:chapterII ;
eli:number "10"^^xsd:string ;
eli:title_alternative "Article 10"^^xsd:string ;
GDPRtEXT:hasPoint gdpr:article10-1 ;
GDPRtEXT:isPartOfChapter gdpr:chapterII .</skos:example>
</owl:Class>
gdpr:article1-1 a eli:LegalResourceSubdivision,
GDPRtEXT:Point ;
eli:description "This Regulation ..."^^xsd:string ;
eli:is_part_of gdpr:GDPR,
gdpr:article1,
gdpr:chapterI ;
eli:number "1"^^xsd:string ;
eli:title_alternative "Article1(1)"^^xsd:string ;
GDPRtEXT:isPartOfArticle gdpr:article1 ;
GDPRtEXT:isPartOfChapter gdpr:chapterI .
The concepts within GDPR are expressed using skos:Concept
. They are related
to the text within the GDPR where they are defined or mentioned using
rdfs:isDefinedBy
property.
<owl:Class rdf:about="https://w3id.org/GDPRtEXT#Consent">
<rdfs:subClassOf rdf:resource="http://www.w3.org/2004/02/skos/core#Concept"/>
<rdfs:comment xml:lang="en">Consent in the context of the GDPR refers to ...</rdfs:comment>
<rdfs:isDefinedBy rdf:resource="https://w3id.org/GDPRtEXT/gdpr#article4-11"/>
<rdfs:isDefinedBy rdf:resource="https://w3id.org/GDPRtEXT/gdpr#article6-1"/>
<rdfs:isDefinedBy rdf:resource="https://w3id.org/GDPRtEXT/gdpr#recital32"/>
<rdfs:isDefinedBy rdf:resource="https://w3id.org/GDPRtEXT/gdpr#recital40"/>
<rdfs:label>Consent</rdfs:label>
</owl:Class>
The connection between different concepts is represented using the property involves defined by GDPRtEXT.
<owl:Class rdf:about="https://w3id.org/GDPRtEXT#DataMinimisation">
<rdfs:subClassOf rdf:resource="https://w3id.org/GDPRtEXT#Principle"/>
<involves rdf:resource="https://w3id.org/GDPRtEXT#AccurateCollection"/>
<involves rdf:resource="https://w3id.org/GDPRtEXT#ExplicitPurpose"/>
<involves rdf:resource="https://w3id.org/GDPRtEXT#PersonalData"/>
<involves rdf:resource="https://w3id.org/GDPRtEXT#Processing"/>
<involves rdf:resource="https://w3id.org/GDPRtEXT#SpecifiedPurpose"/>
<rdfs:comment xml:lang="en">The principle of data minimisation states that personal data must be adequate,
relevant and limited to what is necessary in relation to the purposes for which they
are processed.</rdfs:comment>
<rdfs:isDefinedBy rdf:resource="https://w3id.org/GDPRtEXT/gdpr#article5-1-c"/>
<rdfs:isDefinedBy rdf:resource="https://w3id.org/GDPRtEXT/gdpr#recital39"/>
<rdfs:label>Principle of Data Minimisation</rdfs:label>
</owl:Class>
The hierarchy of skos:Concept
within GDPRtEXT is used to reflect the relation
of concepts in two different ways. One is to represent subclasses as narrower
types of the concept, such as data and personal data.
The other is to use subclasses to group related concepts together, as is the
case with obligation and DPO obligation and
monitor compliance where 'monitor compliance' is also
an activity as well as refers to compliance.
There are over 200+ concepts defined within this ontology referring to the GDPR. These were modelled through a reading of the GDPR text and using terms and concepts referred to within the text. The terms are not meant to be instantiated, though in some cases, such as for personal data, it may be beneficial. The aim of the ontology is to provide a way to refer to these concepts and use them in other additional work.
The following diagrams (displayed in two parts for clarity) were generated using Protege and display the classes in GDPRtEXT modeled from an analysis of the GDPR.
A Chapter is the largest sub-unit in the GDPR. A chapter can contain
one or more sections or articles. There are a total of 10 chapters in GDPR,
named in the roman style from I
to X
. Their unique-id in GDPRtEXT is defined
as chapterN
where N
is the chapter number in roman numerals.
Chapters are linked with the GDPR resource through the property hasChapter which specifies that the GDPR contains the referenced chapters.
Chapters are linked to their sections, articles, points, and subpoints using the property isPartOfChapter which specifies that the chapter contains the defined subresource.
A Section is an collection of article within a Chapter.
A section can contain
one or more articles.
Section are named using decimanl numbers from 1.
Their unique-id in GDPRtEXT is defined
as chapterN-X
where N
is the chapter number in roman and X
is the
section number in decimal numerals.
Sections are linked to their chapters using the property hasSection which specifies that the chapter contains the referenced section.
Sections are linked to their articles, points, and subpoints using the property isPartOfSection which specifies that the section contains the defined subresource.
A Article is a unit of points within the GDPR.
A article can contain
one or more points, each of which can contain zero or more subpoints.
Article are named using decimanl numbers from 1.
Their unique-id in GDPRtEXT is defined
as articleX
where X
is the
article number in decimal numerals.
Articles are linked to their chapters and sections using the property hasArticle which specifies that the chapter or section contains the referenced article.
Articles are linked to their points and subpoints using the property isPartOfArticle which specifies that the article contains the defined subresource.
A Point is an paragraph or point of text within an article.
It can contain zero or more sub-points. It's unique id in GDPRtEXT is defined
as articleX-Y
where X
is the article number in decimal,
and Y
is the point number (or letter).
Points are linked to their articles using the property hasPoint which specifies that the article contains the referenced point.
Points are linked to their subpoints using [isPartOfPoint](#isPartOfPoint] which specifies that the point contains the defined subpoints.
A SubPoint is an paragraph or subpoint of text within a point of an article.
It's unique id in GDPRtEXT is definde
as articleX-Y-Z
where X
is the article number in decimal,
and Y
is the point number (or letter) and Z
is the subpoint number (or letter).
SubPoints are linked to their points using the property hasSubPoint which specifies that the point contains the referenced subpoint.
A Recital is the text preceding the chapters and articles of the GDPR
which specifies the reasons and provisions for the GDPR.
It's unique id in GDPRtEXT is defined as recitalX
where X
is the recital number.
Recitals are linked to GDPR using the property hasRecital which specifies that the referenced recital is part of GDPR.
The Citation within the GDPR text are references to other documents.
The unique id for citations is given by citationX
where X
is the citation number.
Citations are referenced to legal resources using the property hasCitation which specifies that the citation occurs or is referenced within that legal resource.
Consent refers specifically to the concept of consent as specified within the GDPR. It contains concepts to refer to the given consent and to consent that is considered to be valid under the GDPR.
Entity refers to specific entities that are mentioned or are referred to by the GDPR such as data subject, controller, processor, data protection office (DPO), etc.
Activity refers to some process or action mentioned, referred, implied, or defined by the GDPR. It contains concepts to distinguish between activities about consent and activities involving data. It also defines several other activities related to the functioning of the GDPR such as reporting data breach, processing, demonstrating consent, etc.
Compliance refers to the compliance towards the GDPR and contains concepts regarding the same.
This example use-case takes a look at how references to GDPR can aid in creation of compliance reports. For this, we consider a system for creation of compliance reports that stores information related to each of the obligations it addresses from the GDPR. It uses the EARL vocabulary for expressing results of conformance checks within the report. GDPRtEXT is used to link the resources in EARL reports with articles and points within the GDPR as well as to express and define concepts related to compliance in a suitable and comprehensible manner.
EARL provides a standardized vocabulary to describe specific resources and relationships that are relevant to test reporting. The core construct of EARL is an Assertion, which describes the context and outcome of an individual test execution. It contains the following information (copied verbatim from EARL website):
Taking the example of Right to Data Portability, the EARL report below represents
compliance checks with conditions associated with the relevant articles in GDPR (Article 20).
The compliance system has a module _system_dataportability
that checks the software that
handles the provision of personal data copy _org_dataportability
through the test case
_test_provide_data_copy
and generates the following report which shows that the test
has passed in _result_pass
.
@prefix earl: http://www.w3.org/ns/earl# .
@prefix dct: http://purl.org/dc/terms/ .
@prefix gdprtext: http://purl.org/adaptcentre/resources/GDPRtEXT# .
:_org_dataportability
a earl:TestSubject, earl:Software ;
dct:description """System that handles data portability requests"""@en ;
dct:title "Data Portability Handler"@en .
:_system_dataportability
a earl:Assertor ;
dct:description """Module checking data portability obligations"""@en ;
dct:hasVersion "1.4" ;
dct:title "DataPortability Module"@en ;
earl:asserts { :_org_dataportability :_result_pass :_test_provide_data_copy } .
:_result_pass
a earl:ResultProperty ;
earl:date "2018-01-01" ;
earl:validity earl:Pass ;
earl:confidence earl:High .
:_test_provide_data_copy
a earl:TestCase ;
earl:testMode earl:automatic ;
dct:title "Test provision of data copy"@en ;
dct:description """Tests whether system provides a copy of personal data on exercising right to data portability"""@en ;
dct:subject gdprtext:article20 .
Now to gather such related resources together, a SPARQL query (simplified) would focus on the
link between TestCase
and its result using earl:validity
.
SELECT ?gdpr ?result ?confidence ?mode WHERE {
?assertor a earl:Assertor .
?assertor earl:asserts ?assertion .
?testcase rdf:predicate ?assertion .
?testcase a earl:TestCase .
?testcase dct:subject ?gdpr .
?testcase ear:testMode ?mode .
?testresult rdf:object ?assertion .
?testresult a earl:ResultProperty .
?testresult earl:validity ?result .
?testresult earl:confidence ?confidence .
}
Which will give a table like:
| gdpr | result | confidence | mode |
|----------- |-------- |------------ |----------- |
| article16 | pass | low | automatic |
| article17 | pass | high | automatic |
| article18 | fail | high | manual |
| article19 | pass | high | automatic |
These can be further combined using Test Suites
to group compliance checks
related to each article or a particular concept and structure the testing around
this form of logical grouping of concepts.
The annotations are available online on the OpenScience website in the form of a HTML table as well as a CSV file and a RDF dataset. Each row (HTML table, CSV) has 5 columns that contain a reference from a point in DPD to its corresponding point in the GDPR, the nature of change between the two, whether the corresponding XACML rule needs to be extended, and a description comment. The nature of change is represented as one of the following - same, reduced, slightly changed, completely changed, and extended. For XACML rules, the notation N/A is used in the case where there were no XACML rules for DPD but the corresponding point in GDPR has changed. The value No is used where there is no change in the GDPR obligation or the existing XACML rule is sufficient to handle the change, whereas Yes is used to indicate a change required in the XACML rule to handle the obligation.
@prefix gdpr: https://w3id.org/GDPRtEXT/gdpr# .
@prefix dpd: https://w3id.org/GDPRtEXT/dpd# .
@prefix rdfs: http://www.w3.org/2000/01/rdf-schema# .
dpd:mappingrule6
a dpd:DPDToGDPR_Annotation ;
dpd:hasChange dpd:ChangeExtended ;
dpd:hasXACMLChange dpd:XACMLNoChange ;
dpd:resourceInDPD dpd:Article7 - a ;
dpd:resourceInGDPR gdpr:Article6-1-a ;
rdfs:comment "added consent given to ..." .
To model the annotations as a RDF resource using GDPRtEXT, we created
a linked data version of the DPD which assigned URIs for every resource in
the legislation similar to the GDPR linked data resource. The annotations are
represented as instances of the class DPDToGDPRAnnotation
.
The property resourceInDPD
is used to refer to the particular resource within DPD through
its URI. Similarly, the property resourceInGDPR
is used to refer to the
corresponding resource in GDPR. The nature of change is defined using the property
hasChange
whose value is an instances of the class ChangeInObligation
, with
defined instances for Extended, Same, Reduced, CompletelyChanged
, and
SlightlyChanged
. Similarly, the change in the XACML rules is defined as a property
whose values are one of Yes, No, and N/A defined as instances of the class
ChangeInXACMLRule
. Comments are defined using the rdfs:comment
property.
IRI: https://w3id.org/GDPRtEXT#AccuracyIsContested
IRI: https://w3id.org/GDPRtEXT#AccurateCollection
IRI: https://w3id.org/GDPRtEXT#Activity
IRI: https://w3id.org/GDPRtEXT#AdequateForProcessing
IRI: https://w3id.org/GDPRtEXT#AdherenceToSealCertification
IRI: https://w3id.org/GDPRtEXT#ProcessorControllerAgreement
IRI: https://w3id.org/GDPRtEXT#AnonymousData
IRI: https://w3id.org/GDPRtEXT#AppointingSubProcessors
IRI: https://w3id.org/GDPRtEXT#AppointmentOfProcessors
IRI: https://w3id.org/GDPRtEXT#ArchiveData
IRI: https://w3id.org/GDPRtEXT#Article
gdpr:article10 a eli:LegalResourceSubdivision, GDPRtEXT:Article ; eli:is_part_of gdpr:GDPR, gdpr:chapterII ; eli:number "10"^^xsd:string ; eli:title_alternative "Article 10"^^xsd:string ; GDPRtEXT:hasPoint gdpr:article10-1 ; GDPRtEXT:isPartOfChapter gdpr:chapterII .
IRI: https://w3id.org/GDPRtEXT#AssistInComplyingWithRights
IRI: https://w3id.org/GDPRtEXT#AutomatedProcessing
IRI: https://w3id.org/GDPRtEXT#AutomatedDecisionMakingWithSignificantEffect
IRI: https://w3id.org/GDPRtEXT#ConditionsForSealsAndCertifications
IRI: https://w3id.org/GDPRtEXT#CanBeWithdrawnEasilyConsentObligation
IRI: https://w3id.org/GDPRtEXT#RecordCategoriesOfDataSubjectsAndPersonalData
IRI: https://w3id.org/GDPRtEXT#Certification
IRI: https://w3id.org/GDPRtEXT#CertificationBody
IRI: https://w3id.org/GDPRtEXT#Chapter
gdpr:chapterI a eli:LegalResourceSubdivision, GDPRtEXT:Chapter ; eli:is_part_of gdpr:GDPR ; eli:number "I"^^xsd:string ; eli:title "General provisions"^^xsd:string ; eli:title_alternative "Chapter I"^^xsd:string ; GDPRtEXT:hasArticle gdpr:article1, gdpr:article2, gdpr:article3, gdpr:article4 .
IRI: https://w3id.org/GDPRtEXT#Citation
gdpr:citation1 a eli:LegalResourceSubdivision, GDPRtEXT:Citation ; eli:description "OJ C 229, 31.7.2012, p. 90."^^xsd:string ; eli:is_part_of gdpr:GDPR ; eli:number "1"^^xsd:string .
IRI: https://w3id.org/GDPRtEXT#ClearExplanationOfProcessingConsentObligation
IRI: https://w3id.org/GDPRtEXT#CooperateWithDPA
IRI: https://w3id.org/GDPRtEXT#CodeOfConduct
IRI: https://w3id.org/GDPRtEXT#CollectionMechanism
IRI: https://w3id.org/GDPRtEXT#CollectionOfPersonalData
IRI: https://w3id.org/GDPRtEXT#Compliance
IRI: https://w3id.org/GDPRtEXT#ComplianceWithControllersInstructions
IRI: https://w3id.org/GDPRtEXT#InformationShouldBeConcise
IRI: https://w3id.org/GDPRtEXT#ConfirmingOrMatchingDatasets
IRI: https://w3id.org/GDPRtEXT#Consent
IRI: https://w3id.org/GDPRtEXT#ConsentActivity
IRI: https://w3id.org/GDPRtEXT#PossibleConsequenceForDataSubject
IRI: https://w3id.org/GDPRtEXT#ContextOfDataCollection
IRI: https://w3id.org/GDPRtEXT#ContractWithDataSubject
IRI: https://w3id.org/GDPRtEXT#Controller
IRI: https://w3id.org/GDPRtEXT#ControllerAccountability
IRI: https://w3id.org/GDPRtEXT#ControllerHasTakenAction
IRI: https://w3id.org/GDPRtEXT#ControllerObligation
IRI: https://w3id.org/GDPRtEXT#ControllerRepresentative
IRI: https://w3id.org/GDPRtEXT#ControllerResponsibility
IRI: https://w3id.org/GDPRtEXT#ShouldBeCommonlyUsedFormat
IRI: https://w3id.org/GDPRtEXT#ShouldBeMachineReadable
IRI: https://w3id.org/GDPRtEXT#R19
IRI: https://w3id.org/GDPRtEXT#CriminalData
IRI: https://w3id.org/GDPRtEXT#CrossBorderTransfer
IRI: https://w3id.org/GDPRtEXT#Data
IRI: https://w3id.org/GDPRtEXT#DataActivity
IRI: https://w3id.org/GDPRtEXT#DataBreach
IRI: https://w3id.org/GDPRtEXT#DataWasInferredOrDerived
IRI: https://w3id.org/GDPRtEXT#DataNoLongerNeededForOriginalPurpose
IRI: https://w3id.org/GDPRtEXT#DataProtectionByDesignAndByDefault
IRI: https://w3id.org/GDPRtEXT#RetentionOfPersonalData
IRI: https://w3id.org/GDPRtEXT#DataSecurity
IRI: https://w3id.org/GDPRtEXT#DataSubject
IRI: https://w3id.org/GDPRtEXT#Rights
IRI: https://w3id.org/GDPRtEXT#ShouldBeDemonstrable
IRI: https://w3id.org/GDPRtEXT#DemonstratingConsent
IRI: https://w3id.org/GDPRtEXT#DirectMarketing
IRI: https://w3id.org/GDPRtEXT#ShouldBeDistinguishableFromOtherMatters
IRI: https://w3id.org/GDPRtEXT#DPA
IRI: https://w3id.org/GDPRtEXT#DPO
IRI: https://w3id.org/GDPRtEXT#DPOObligation
IRI: https://w3id.org/GDPRtEXT#InformationShouldBeEasilyAccessible
IRI: https://w3id.org/GDPRtEXT#EmploymentLaw
IRI: https://w3id.org/GDPRtEXT#Entity
IRI: https://w3id.org/GDPRtEXT#EraseData
IRI: https://w3id.org/GDPRtEXT#EraseWhenConsentWasWithdrawn
IRI: https://w3id.org/GDPRtEXT#EraseWhenDataIsNoLongerNeededForOriginalPurpose
IRI: https://w3id.org/GDPRtEXT#EvaluationOfDataSubject
IRI: https://w3id.org/GDPRtEXT#ExceptionsOnReportingDataSubjectsOfBreach
IRI: https://w3id.org/GDPRtEXT#ExemptedByNationalLaw
IRI: https://w3id.org/GDPRtEXT#ExemptedWithoutProofOfDataSubjectIdentity
IRI: https://w3id.org/GDPRtEXT#ExerciseRights
IRI: https://w3id.org/GDPRtEXT#ExistenceOfSafeguards
IRI: https://w3id.org/GDPRtEXT#ExclusionException
IRI: https://w3id.org/GDPRtEXT#ExplicitPurpose
IRI: https://w3id.org/GDPRtEXT#FactorsForImpactAssessment
IRI: https://w3id.org/GDPRtEXT#SubProcessorMustFollowSameTermsAsProcessorControllerAgreement
IRI: https://w3id.org/GDPRtEXT#RightsProtection
IRI: https://w3id.org/GDPRtEXT#FreelyGivenConsentObligation
IRI: https://w3id.org/GDPRtEXT#GeneticData
IRI: https://w3id.org/GDPRtEXT#GivenConsent
IRI: https://w3id.org/GDPRtEXT#HarmWasRemote
IRI: https://w3id.org/GDPRtEXT#HealthData
IRI: https://w3id.org/GDPRtEXT#HistoricStatisticScientificPurposes
IRI: https://w3id.org/GDPRtEXT#IdentifiableForRequiredProcessing
IRI: https://w3id.org/GDPRtEXT#IdentificationOfDataSubject
IRI: https://w3id.org/GDPRtEXT#IfAndWhereControllerIsProcessingData
IRI: https://w3id.org/GDPRtEXT#ImpactAssessment
IRI: https://w3id.org/GDPRtEXT#ImplementTechnicalMeasuresForCompliance
IRI: https://w3id.org/GDPRtEXT#ImposeConfidentialityObligationOnPersonnel
IRI: https://w3id.org/GDPRtEXT#InformControllerOfConflictWithLaw
IRI: https://w3id.org/GDPRtEXT#InfoAboutAutomatedProcessingWithSignificantEffectsOnDataSubject
IRI: https://w3id.org/GDPRtEXT#InfoAboutCatgegoriesOfDataBeingProcessed
IRI: https://w3id.org/GDPRtEXT#InfoAboutSourceOfData
IRI: https://w3id.org/GDPRtEXT#InfoAboutProcessing
IRI: https://w3id.org/GDPRtEXT#InfoAboutExistenceOfRights
IRI: https://w3id.org/GDPRtEXT#InfoAboutStoragePeriod
IRI: https://w3id.org/GDPRtEXT#InformationAboutThirdParties
IRI: https://w3id.org/GDPRtEXT#InformedConsentObligation
IRI: https://w3id.org/GDPRtEXT#InformationShouldBeIntelligible
IRI: https://w3id.org/GDPRtEXT#IsImpossible
IRI: https://w3id.org/GDPRtEXT#JointController
IRI: https://w3id.org/GDPRtEXT#KeptUpToDate
IRI: https://w3id.org/GDPRtEXT#LargeScaleProcessing
IRI: https://w3id.org/GDPRtEXT#LawfulBasisForProcessing
IRI: https://w3id.org/GDPRtEXT#LegalClaims
IRI: https://w3id.org/GDPRtEXT#LegalObligation
IRI: https://w3id.org/GDPRtEXT#LegitimateInterest
IRI: https://w3id.org/GDPRtEXT#LegitimatePurpose
IRI: https://w3id.org/GDPRtEXT#LiabilityOfJointController
IRI: https://w3id.org/GDPRtEXT#LimitedForProcessing
IRI: https://w3id.org/GDPRtEXT#LinkBetweenNewAndOldPurpose
IRI: https://w3id.org/GDPRtEXT#MadePublicByDataSubject
IRI: https://w3id.org/GDPRtEXT#MaintainRecordOfBreach
IRI: https://w3id.org/GDPRtEXT#MaintainRecordsOfProcessingActivities
IRI: https://w3id.org/GDPRtEXT#Marketing
IRI: https://w3id.org/GDPRtEXT#MaximumValidity3Years
IRI: https://w3id.org/GDPRtEXT#MedicalDiagnosisTreatment
IRI: https://w3id.org/GDPRtEXT#MonitorCompliance
IRI: https://w3id.org/GDPRtEXT#NationalSecurity
IRI: https://w3id.org/GDPRtEXT#NatureOfPersonalData
IRI: https://w3id.org/GDPRtEXT#NoChargeLeviedForRightToAccess
IRI: https://w3id.org/GDPRtEXT#NotFromSilenceOrInactivityConsentObligation
IRI: https://w3id.org/GDPRtEXT#NotFurtherProcessedThanOriginalPurpose
IRI: https://w3id.org/GDPRtEXT#NotForProfitOrg
IRI: https://w3id.org/GDPRtEXT#NotificationRequiresDisproportionateEfforts
IRI: https://w3id.org/GDPRtEXT#NotifyDataSubjectAboutDPOForDataBreach
IRI: https://w3id.org/GDPRtEXT#NotifyDataSubjectAboutConsequencesOfDataBreach
IRI: https://w3id.org/GDPRtEXT#NotifyDataSubjectOfBreach
IRI: https://w3id.org/GDPRtEXT#NotifyDataSubjectOfMeasuresTakenForDataBreach
IRI: https://w3id.org/GDPRtEXT#Obligation
IRI: https://w3id.org/GDPRtEXT#ObligationForCollectionOfPersonalData
IRI: https://w3id.org/GDPRtEXT#ObligationForObtainingConsent
IRI: https://w3id.org/GDPRtEXT#ObtainingConsent
IRI: https://w3id.org/GDPRtEXT#OnlyActOnDocumentedInstructionFromController
IRI: https://w3id.org/GDPRtEXT#OutsideMaterialScope
IRI: https://w3id.org/GDPRtEXT#PersonalData
IRI: https://w3id.org/GDPRtEXT#R18
IRI: https://w3id.org/GDPRtEXT#Point
gdpr:article27-2 a eli:LegalResourceSubdivision, GDPRtEXT:Point ; eli:description "The obligation laid down in paragraph 1 of this Article shall not apply to:"^^xsd:string ; eli:is_part_of gdpr:GDPR, gdpr:article27, gdpr:chapterIV, gdpr:chapterIV-1 ; eli:number "2"^^xsd:string ; eli:title_alternative "Article27(2)"^^xsd:string ; GDPRtEXT:hasSubPoint gdpr:article27-2-a, gdpr:article27-2-b ; GDPRtEXT:isPartOfArticle gdpr:article27 ; GDPRtEXT:isPartOfChapter gdpr:chapterIV ; GDPRtEXT:isPartOfSection gdpr:chapterIV-1 .
IRI: https://w3id.org/GDPRtEXT#Principle
IRI: https://w3id.org/GDPRtEXT#Accountability
IRI: https://w3id.org/GDPRtEXT#Accuracy
IRI: https://w3id.org/GDPRtEXT#DataMinimisation
IRI: https://w3id.org/GDPRtEXT#IntegrityAndConfidentiality
IRI: https://w3id.org/GDPRtEXT#LawfulnessFairnessAndTransparency
IRI: https://w3id.org/GDPRtEXT#PurposeLimitation
IRI: https://w3id.org/GDPRtEXT#StorageLimitation
IRI: https://w3id.org/GDPRtEXT#PrivacyByDesign
IRI: https://w3id.org/GDPRtEXT#Processing
IRI: https://w3id.org/GDPRtEXT#ProcessingAffectedVulnerableIndividuals
IRI: https://w3id.org/GDPRtEXT#ProcessingIsUnlawful
IRI: https://w3id.org/GDPRtEXT#ProcessingSensitiveData
IRI: https://w3id.org/GDPRtEXT#ProcessingUsingUntestedTechnologies
IRI: https://w3id.org/GDPRtEXT#Processor
IRI: https://w3id.org/GDPRtEXT#ProcessorObligation
IRI: https://w3id.org/GDPRtEXT#ProcessorRepresentative
IRI: https://w3id.org/GDPRtEXT#PropogateRightsToThirdParties
IRI: https://w3id.org/GDPRtEXT#ProtectionAgainstAccidentalLoss
IRI: https://w3id.org/GDPRtEXT#ProtectionAgainstDamage
IRI: https://w3id.org/GDPRtEXT#ProtectionAgainstDestruction
IRI: https://w3id.org/GDPRtEXT#ProtectionAgainstUnlawfulProcessing
IRI: https://w3id.org/GDPRtEXT#ProvideCopyOfPersonalData
IRI: https://w3id.org/GDPRtEXT#ProvideControllerWithInfoForCompliance
IRI: https://w3id.org/GDPRtEXT#PseudoAnonymousData
IRI: https://w3id.org/GDPRtEXT#PublicInterest
IRI: https://w3id.org/GDPRtEXT#PurposeOfNewProcessing
IRI: https://w3id.org/GDPRtEXT#RacialData
IRI: https://w3id.org/GDPRtEXT#RecordCrossBorderDataTransfer
IRI: https://w3id.org/GDPRtEXT#RecordDataRetentionPeriod
IRI: https://w3id.org/GDPRtEXT#RecordPurposeOfProcessing
IRI: https://w3id.org/GDPRtEXT#RecordSecurityMeasures
IRI: https://w3id.org/GDPRtEXT#RectifyData
IRI: https://w3id.org/GDPRtEXT#RectifyInaccuracy
IRI: https://w3id.org/GDPRtEXT#Recital
gdpr:recital1 a eli:LegalResourceSubdivision, GDPRtEXT:Recital ; eli:description "The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her."^^xsd:string ; eli:is_part_of gdpr:GDPR ; eli:number "1"^^xsd:string .
IRI: https://w3id.org/GDPRtEXT#R17
IRI: https://w3id.org/GDPRtEXT#RegulatoryAuthority
IRI: https://w3id.org/GDPRtEXT#RelevantForProcessing
IRI: https://w3id.org/GDPRtEXT#ReportDataBreachToDPAWithin72Hours
IRI: https://w3id.org/GDPRtEXT#ReportDataBreach
IRI: https://w3id.org/GDPRtEXT#ReportDataBreachToController
IRI: https://w3id.org/GDPRtEXT#RequiresDisproportionateEfforts
IRI: https://w3id.org/GDPRtEXT#RestrictionsOnCrossBorderTransfers
IRI: https://w3id.org/GDPRtEXT#ReturnOrDestroyPersonalDataAtEndTerm
IRI: https://w3id.org/GDPRtEXT#RightOfDataPortability
IRI: https://w3id.org/GDPRtEXT#RightOfErasure
IRI: https://w3id.org/GDPRtEXT#RightToAccessPersonalData
IRI: https://w3id.org/GDPRtEXT#RightToBasicInformationAboutProcessing
IRI: https://w3id.org/GDPRtEXT#RightToNotBeEvaluatedThroughAutomatedProcessing
IRI: https://w3id.org/GDPRtEXT#RightToObjectForDirectMarketting
IRI: https://w3id.org/GDPRtEXT#RightToObjectToProcessing
IRI: https://w3id.org/GDPRtEXT#RightToRectification
IRI: https://w3id.org/GDPRtEXT#RightToRestrictProcessing
IRI: https://w3id.org/GDPRtEXT#RightToTransparency
IRI: https://w3id.org/GDPRtEXT#FreedomsProtection
IRI: https://w3id.org/GDPRtEXT#Seal
IRI: https://w3id.org/GDPRtEXT#SealsAndCertification
IRI: https://w3id.org/GDPRtEXT#Section
gdpr:chapterIV-5 a eli:LegalResourceSubdivision, GDPRtEXT:Section ; eli:is_part_of gdpr:GDPR, gdpr:chapterIV ; eli:number "5"^^xsd:string ; eli:title "Codes of conduct and certification"^^xsd:string ; eli:title_alternative "Section 5"^^xsd:string ; GDPRtEXT:hasArticle gdpr:article40, gdpr:article41, gdpr:article42, gdpr:article43 ; GDPRtEXT:isPartOfChapter gdpr:chapterIV .
IRI: https://w3id.org/GDPRtEXT#SecurityOfPersonalData
IRI: https://w3id.org/GDPRtEXT#SensitivePersonalData
IRI: https://w3id.org/GDPRtEXT#ShouldSupportReuse
IRI: https://w3id.org/GDPRtEXT#ShouldBeStructured
IRI: https://w3id.org/GDPRtEXT#SpecificConsentObligation
IRI: https://w3id.org/GDPRtEXT#SpecifiedPurpose
IRI: https://w3id.org/GDPRtEXT#StoreData
IRI: https://w3id.org/GDPRtEXT#SubProcessor
IRI: https://w3id.org/GDPRtEXT#SubPoint
gdpr:article12-5-b a eli:LegalResourceSubdivision, GDPRtEXT:SubPoint ; eli:description "refuse to act on the request."^^xsd:string ; eli:is_part_of gdpr:GDPR, gdpr:article12, gdpr:article12-5, gdpr:chapterIII, gdpr:chapterIII-1 ; eli:number "b"^^xsd:string ; eli:title_alternative "Article12(5)(b)"^^xsd:string ; GDPRtEXT:isPartOfArticle gdpr:article12 ; GDPRtEXT:isPartOfChapter gdpr:chapterIII ; GDPRtEXT:isPartOfPoint gdpr:article12-5 ; GDPRtEXT:isPartOfSection gdpr:chapterIII-1 .
IRI: https://w3id.org/GDPRtEXT#SystematicMonitoring
IRI: https://w3id.org/GDPRtEXT#InformationShouldBeTransparent
IRI: https://w3id.org/GDPRtEXT#UnlawfulProcessing
IRI: https://w3id.org/GDPRtEXT#UseData
IRI: https://w3id.org/GDPRtEXT#ValidConsent
IRI: https://w3id.org/GDPRtEXT#VitalInterest
IRI: https://w3id.org/GDPRtEXT#VoluntaryOptInConsentObligation
IRI: https://w3id.org/GDPRtEXT#VoluntarySystemOfAccredition
IRI: https://w3id.org/GDPRtEXT#WithdrawingConsent
IRI: https://w3id.org/GDPRtEXT#RequiresWrittenConsentOfControllerToAppointSubProcessor
IRI: https://w3id.org/GDPRtEXT#hasArticle
IRI: https://w3id.org/GDPRtEXT#hasChapter
IRI: https://w3id.org/GDPRtEXT#hasCitation
IRI: http://data.europa.eu/eli/ontology#has_part
has characteristics: transitive
IRI: https://w3id.org/GDPRtEXT#hasPoint
IRI: https://w3id.org/GDPRtEXT#hasRecital
has characteristics: functional
IRI: https://w3id.org/GDPRtEXT#hasSection
IRI: https://w3id.org/GDPRtEXT#hasSubPoint
IRI: http://data.europa.eu/eli/ontology#is_part_of
has characteristics: transitive
IRI: https://w3id.org/GDPRtEXT#isPartOfArticle
has characteristics: functional
IRI: https://w3id.org/GDPRtEXT#isPartOfChapter
has characteristics: functional
IRI: https://w3id.org/GDPRtEXT#isPartOfPoint
has characteristics: functional
IRI: https://w3id.org/GDPRtEXT#isPartOfSection
has characteristics: functional
This work is supported by the ADAPT Centre for Digital Content Technology, which is funded under the SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund.
This documentation was produced using Widoco by Daniel Garijo based on LODE a Live OWL Documentation Environment by Silvio Peroni.