language en

GDPRtEXT

Release 2020-03-31

This version:
https://w3id.org/GDPRtEXT/v/0.7
Latest version:
https://w3id.org/GDPRtEXT
Previous version:
https://w3id.org/GDPRtEXT/v/0.6
Revision:
0.7
Authors:
Harshvardhan J. Pandit, (ADAPT Centre, Trinity College Dublin)
Publisher:
ADAPT Centre, Trinity College Dublin
Download serialization:
JSON-LD RDF/XML N-Triples TTL
License:
http://insertlicenseURIhere.org
Visualization:
Visualize with WebVowl
Cite as:
GDPRtEXT - GDPR as a Linked Data Resource Harshvardhan J. Pandit, Kaniz Fatema, Declan O'Sullivan, Dave Lewis. In Proceedings of 15th European Semantic Web Conference (ESWC), Resource Track. Crete, Heraklion, Greece. 2018
DOI: https://doi.org/10.1007/978-3-319-93417-4_31
Provenance of this page
Ontology Specification Draft

Abstract

The General Data Protection Regulation (GDPR) is comprised of several articles, each with points that refer to specific concepts. The general convention of referring to these points and concepts is to quote the specific article or point using a human-readable reference. This ontology provides a way to refer to the points within the GDPR using the EurLex ontology published by the European Publication Office. It also defines the concepts defined, mentioned, and requried by the GDPR using the Simple Knowledge Organization System (SKOS) ontology.

Introduction back to ToC

The GDPRtEXT ontology aims to provide a way to refer and use concepts defined by the General Data Protection Regulation (GDPR). It does so by exposing the text of the GDPR as a linked data resource using the European Legislation Identified (ELI) ontology. SKOS is then used to define concepts defined / specified / used by the GDPR.

The process provides each article or point within the GDPR with a unique ID (also it's linked-data URI) that can be used to refer to it. This is then used to relate each article with the concepts (defined by SKOS) that are defined or mentioned within it or are related to it.

The ELI ontology provides a way to express the individual legislative points using eli:LegalResourceSubdivision which is used to defined the chapters, sections, articles, points, and subpoints within the GDPR. GDPR itself is a represented using all:LegalResource with various properties connecting the related resources. Using these concepts, the GDPR text is given unique identifiers, and then related to the concepts it contains using skos:Concept.

By defining GDPR text as a linked data resource (and using semantic web vocabularies to do so), it is possible to create resources (which can be defined separately or independent of each other) that annotate or refer to the text within the GDPR. For example, a document that refers to specific rights within the GDPR can be created as a table listing the specific articles or points of relevance using their IRI in the GDPRtEXT resource. skos:Concept classes can be further used to annotate these articles and other documentation pertaining to GDPR.

GDPR text distributions

Using the terms defined within the ontology for referring to specific subdivisions within the GDPR, an RDF dataset was created from the GDPR text by assigning each subdivision an unique id (through the RDF URI). The GDPR dataset is available as a DCAT distribution at https://w3id.org/GDPRtEXT/distributions (namespace gdprdist) with the following datasets -

Namespace declarations

Table 1: Namespaces used in the document
bibo<http://purl.org/ontology/bibo/>
dc<http://purl.org/dc/elements/1.1/>
eli<http://data.europa.eu/eli/ontology#>
eurlex<http://eur_lex.europa.eu/legal_content/EN/ALL/>
gdpr<https://w3id.org/GDPRtEXT/gdpr#>
gdprov<https://w3id.org/GDPRov#>
gdprtext<https://w3id.org/GDPRtEXT#>
owl<http://www.w3.org/2002/07/owl#>
rdf<http://www.w3.org/1999/02/22-rdf-syntax-ns#>
rdfs<http://www.w3.org/2000/01/rdf-schema#>
skos<http://www.w3.org/2004/02/skos/core#>
status<http://purl.org/ontology/bibo/status/>
terms<http://purl.org/dc/terms/>
vaem<http://www.linkedmodel.org/schema/vaem#>
vann<http://purl.org/vocab/vann/>
xml<https://w3.org/2001/XMLSchema#>
xsd<http://www.w3.org/2001/XMLSchema#>

GDPR text EXTensions: Overview back to ToC

GDPRtEXT uses the ELI ontology to define various sections within the GDPR such as Chapter, Section, Article, Point, and SubPoint. These are defined using eli:LegalResourceSubdivision. The connection between these subdivisions is defined using properties extended from eli:has_part and eli:is_part_of.


owl:Class rdf:about="https://w3id.org/GDPRtEXT#Article">
        <rdfs:subClassOf rdf:resource="http://data.europa.eu/eli/ontology#LegalResourceSubdivision"/>
        <rdfs:comment rdf:datatype="http://www.w3.org/2001/XMLSchema#string">Article in GDPR text</rdfs:comment>
        <rdfs:isDefinedBy rdf:resource="http://eur_lex.europa.eu/legal_content/EN/ALL/?uri=CELEX:32016R0679"/>
        <rdfs:label rdf:datatype="http://www.w3.org/2001/XMLSchema#string">Article</rdfs:label>
        <skos:example>gdpr:article10 a eli:LegalResourceSubdivision,
        GDPRtEXT:Article ;
    eli:is_part_of gdpr:GDPR,
        gdpr:chapterII ;
    eli:number "10"^^xsd:string ;
    eli:title_alternative "Article 10"^^xsd:string ;
    GDPRtEXT:hasPoint gdpr:article10-1 ;
    GDPRtEXT:isPartOfChapter gdpr:chapterII .</skos:example>
    </owl:Class>

gdpr:article1-1 a eli:LegalResourceSubdivision,
        GDPRtEXT:Point ;
    eli:description "This Regulation ..."^^xsd:string ;
    eli:is_part_of gdpr:GDPR,
        gdpr:article1,
        gdpr:chapterI ;
    eli:number "1"^^xsd:string ;
    eli:title_alternative "Article1(1)"^^xsd:string ;
    GDPRtEXT:isPartOfArticle gdpr:article1 ;
    GDPRtEXT:isPartOfChapter gdpr:chapterI .

The concepts within GDPR are expressed using skos:Concept. They are related to the text within the GDPR where they are defined or mentioned using rdfs:isDefinedBy property.


    <owl:Class rdf:about="https://w3id.org/GDPRtEXT#Consent">
        <rdfs:subClassOf rdf:resource="http://www.w3.org/2004/02/skos/core#Concept"/>
        <rdfs:comment xml:lang="en">Consent in the context of the GDPR refers to ...</rdfs:comment>
        <rdfs:isDefinedBy rdf:resource="https://w3id.org/GDPRtEXT/gdpr#article4-11"/>
        <rdfs:isDefinedBy rdf:resource="https://w3id.org/GDPRtEXT/gdpr#article6-1"/>
        <rdfs:isDefinedBy rdf:resource="https://w3id.org/GDPRtEXT/gdpr#recital32"/>
        <rdfs:isDefinedBy rdf:resource="https://w3id.org/GDPRtEXT/gdpr#recital40"/>
        <rdfs:label>Consent</rdfs:label>
    </owl:Class>

The connection between different concepts is represented using the property involves defined by GDPRtEXT.


    <owl:Class rdf:about="https://w3id.org/GDPRtEXT#DataMinimisation">
        <rdfs:subClassOf rdf:resource="https://w3id.org/GDPRtEXT#Principle"/>
        <involves rdf:resource="https://w3id.org/GDPRtEXT#AccurateCollection"/>
        <involves rdf:resource="https://w3id.org/GDPRtEXT#ExplicitPurpose"/>
        <involves rdf:resource="https://w3id.org/GDPRtEXT#PersonalData"/>
        <involves rdf:resource="https://w3id.org/GDPRtEXT#Processing"/>
        <involves rdf:resource="https://w3id.org/GDPRtEXT#SpecifiedPurpose"/>
        <rdfs:comment xml:lang="en">The principle of data minimisation states that personal data must be adequate,
            relevant and limited to what is necessary in relation to the purposes for which they
            are processed.</rdfs:comment>
        <rdfs:isDefinedBy rdf:resource="https://w3id.org/GDPRtEXT/gdpr#article5-1-c"/>
        <rdfs:isDefinedBy rdf:resource="https://w3id.org/GDPRtEXT/gdpr#recital39"/>
        <rdfs:label>Principle of Data Minimisation</rdfs:label>
    </owl:Class>

The hierarchy of skos:Concept within GDPRtEXT is used to reflect the relation of concepts in two different ways. One is to represent subclasses as narrower types of the concept, such as data and personal data. The other is to use subclasses to group related concepts together, as is the case with obligation and DPO obligation and monitor compliance where 'monitor compliance' is also an activity as well as refers to compliance.

There are over 200+ concepts defined within this ontology referring to the GDPR. These were modelled through a reading of the GDPR text and using terms and concepts referred to within the text. The terms are not meant to be instantiated, though in some cases, such as for personal data, it may be beneficial. The aim of the ontology is to provide a way to refer to these concepts and use them in other additional work.

The following diagrams (displayed in two parts for clarity) were generated using Protege and display the classes in GDPRtEXT modeled from an analysis of the GDPR.

GDPR text EXTensions: Description back to ToC

Classes describing structure of GDPR

Chapter

A Chapter is the largest sub-unit in the GDPR. A chapter can contain one or more sections or articles. There are a total of 10 chapters in GDPR, named in the roman style from I to X. Their unique-id in GDPRtEXT is defined as chapterN where N is the chapter number in roman numerals.

Chapters are linked with the GDPR resource through the property hasChapter which specifies that the GDPR contains the referenced chapters.

Chapters are linked to their sections, articles, points, and subpoints using the property isPartOfChapter which specifies that the chapter contains the defined subresource.

Section

A Section is an collection of article within a Chapter. A section can contain one or more articles. Section are named using decimanl numbers from 1. Their unique-id in GDPRtEXT is defined as chapterN-X where N is the chapter number in roman and X is the section number in decimal numerals.

Sections are linked to their chapters using the property hasSection which specifies that the chapter contains the referenced section.

Sections are linked to their articles, points, and subpoints using the property isPartOfSection which specifies that the section contains the defined subresource.

Article

A Article is a unit of points within the GDPR. A article can contain one or more points, each of which can contain zero or more subpoints. Article are named using decimanl numbers from 1. Their unique-id in GDPRtEXT is defined as articleX where X is the article number in decimal numerals.

Articles are linked to their chapters and sections using the property hasArticle which specifies that the chapter or section contains the referenced article.

Articles are linked to their points and subpoints using the property isPartOfArticle which specifies that the article contains the defined subresource.

Point

A Point is an paragraph or point of text within an article. It can contain zero or more sub-points. It's unique id in GDPRtEXT is defined as articleX-Y where X is the article number in decimal, and Y is the point number (or letter).

Points are linked to their articles using the property hasPoint which specifies that the article contains the referenced point.

Points are linked to their subpoints using [isPartOfPoint](#isPartOfPoint] which specifies that the point contains the defined subpoints.

Sub-Point

A SubPoint is an paragraph or subpoint of text within a point of an article. It's unique id in GDPRtEXT is definde as articleX-Y-Z where X is the article number in decimal, and Y is the point number (or letter) and Z is the subpoint number (or letter).

SubPoints are linked to their points using the property hasSubPoint which specifies that the point contains the referenced subpoint.

Recital

A Recital is the text preceding the chapters and articles of the GDPR which specifies the reasons and provisions for the GDPR. It's unique id in GDPRtEXT is defined as recitalX where X is the recital number.

Recitals are linked to GDPR using the property hasRecital which specifies that the referenced recital is part of GDPR.

Citation

The Citation within the GDPR text are references to other documents. The unique id for citations is given by citationX where X is the citation number.

Citations are referenced to legal resources using the property hasCitation which specifies that the citation occurs or is referenced within that legal resource.

Object Properties

Classes defining concepts of GDPR

All concepts from the GDPR are described using `skos:Concept` where the hierarchy of concepts signifies the relationship of being narrow, specific, or related grouping of concepts. #### Data [Data](#Data) refers to the generic usage of the term 'data' and contains subclasses defining [personal data](#PersonalData) along with the various specific types of [sensitive personal data](#SensitivePersonalData) mentioned in the GDPR text. This also contains concepts related to representing [anonymised](#AnonymousData) and [pseudonymised](#PseudoAnonymousData) data.

Consent

Consent refers specifically to the concept of consent as specified within the GDPR. It contains concepts to refer to the given consent and to consent that is considered to be valid under the GDPR.

Entity

Entity refers to specific entities that are mentioned or are referred to by the GDPR such as data subject, controller, processor, data protection office (DPO), etc.

Activity

Activity refers to some process or action mentioned, referred, implied, or defined by the GDPR. It contains concepts to distinguish between activities about consent and activities involving data. It also defines several other activities related to the functioning of the GDPR such as reporting data breach, processing, demonstrating consent, etc.

Consent Activity
Consent Activity refers to activities that deal or interact with consent.
Data Activity
Data Activity refers to activities that interact or involve data. _Processing_ is a Data Activity that uses data (therefore is the same as 'Use Data'). But because GDPR specifically mentions Processing in several of its points, there is a separate activity defined as Processing which is equivalent to 'Use Data'.
Processing
Processing refers to the activity of 'processing' data, which can be considered to be the same as 'use data'. This concept is equivalent to 'Use Data'.
Reporting Data Breach
The activity of reporting a data breach.
Other Activities
These are other activities that are not categorised or grouped together.

Compliance

Compliance refers to the compliance towards the GDPR and contains concepts regarding the same.

Principles

GDPR mentions several _principles_ which are reflected by these concepts.

Rights

GDPR provides the data subject with several 'rights' which are reflected in these concepts.
Right of Data Portability
Right of Erasure
Right to Access Personal Data
Right to Basic Information about Processing
Right to restrict Processing
Right to Transparency
Other Rights

Obligations

Obligations specified by the GDPR are represented by these concepts.
Controller Obligations
Processor Obligations
DPO Obligations
Lawful Basis for Processing
**Valid Consent**: As a valid consent is the lawful basis for processing, the following concepts are defined for the validity of such consent as specified by the GDPR.
Obligations for Data Collection
Obligations for Obtaining Consent
Obligations for Retention of Personal Data
Obligation for Security of Personal Data

Seals and Certifications

GDPR has provisions for seals and certifications which can help organisations with a measure of compliance as well as good practices. The following concepts reflect such seals and certifications. The following refer to the conditions for awarding such seals and certifications.

Example Use-Cases back to ToC

Compliance Reports back to ToC

This example use-case takes a look at how references to GDPR can aid in creation of compliance reports. For this, we consider a system for creation of compliance reports that stores information related to each of the obligations it addresses from the GDPR. It uses the EARL vocabulary for expressing results of conformance checks within the report. GDPRtEXT is used to link the resources in EARL reports with articles and points within the GDPR as well as to express and define concepts related to compliance in a suitable and comprehensible manner.

EARL provides a standardized vocabulary to describe specific resources and relationships that are relevant to test reporting. The core construct of EARL is an Assertion, which describes the context and outcome of an individual test execution. It contains the following information (copied verbatim from EARL website):

  • Assertor - This can include information about who or what ran the test. For example human evaluators, automated accessibility checkers, or combinations of these.
  • Test Subject - This can include web content (such as web pages, videos, applets, etc.), software (such as authoring tools, user agents, etc.), or other things being tested.
  • Test Criterion - What are we evaluating the test subject against? This could be a specification, a set of guidelines, a test from a test suite, or some other testable statement.
  • Test Result - What was the outcome of the test? A test result could also include contextual information such as error messages or relevant locations within the test subject.

Taking the example of Right to Data Portability, the EARL report below represents compliance checks with conditions associated with the relevant articles in GDPR (Article 20). The compliance system has a module _system_dataportability that checks the software that handles the provision of personal data copy _org_dataportability through the test case _test_provide_data_copy and generates the following report which shows that the test has passed in _result_pass.


@prefix earl: http://www.w3.org/ns/earl# .
@prefix dct:  http://purl.org/dc/terms/ .
@prefix gdprtext: http://purl.org/adaptcentre/resources/GDPRtEXT# .

:_org_dataportability
    a   earl:TestSubject, earl:Software ;
    dct:description """System that handles data portability requests"""@en ;
    dct:title "Data Portability Handler"@en .

:_system_dataportability
    a   earl:Assertor ;
    dct:description """Module checking data portability obligations"""@en ;
    dct:hasVersion "1.4" ;
    dct:title "DataPortability Module"@en ;
    earl:asserts { :_org_dataportability :_result_pass :_test_provide_data_copy } .

:_result_pass
    a   earl:ResultProperty ;
    earl:date "2018-01-01" ;
    earl:validity earl:Pass ;
    earl:confidence earl:High .

:_test_provide_data_copy
    a   earl:TestCase ;
    earl:testMode earl:automatic ;
    dct:title "Test provision of data copy"@en ;
    dct:description """Tests whether system provides a copy of personal data on exercising right to data portability"""@en ;
    dct:subject gdprtext:article20 .

Now to gather such related resources together, a SPARQL query (simplified) would focus on the link between TestCase and its result using earl:validity.


SELECT ?gdpr ?result ?confidence ?mode WHERE {
    ?assertor a earl:Assertor .
    ?assertor earl:asserts ?assertion .
    
    ?testcase rdf:predicate ?assertion .
    ?testcase a earl:TestCase .
    ?testcase dct:subject ?gdpr .
    ?testcase ear:testMode ?mode .
    
    ?testresult rdf:object ?assertion .
    ?testresult a earl:ResultProperty .
    ?testresult earl:validity ?result .
    ?testresult earl:confidence ?confidence .
}

Which will give a table like:


| gdpr          | result    | confidence    | mode          |
|-----------    |--------   |------------   |-----------    |
| article16     | pass      | low           | automatic     |
| article17     | pass      | high          | automatic     |
| article18     | fail      | high          | manual        |
| article19     | pass      | high          | automatic     |

These can be further combined using Test Suites to group compliance checks related to each article or a particular concept and structure the testing around this form of logical grouping of concepts.

Link obligations from Data Protection Directive back to ToC

The Data Protection Directive (DPD) is the previous data protection legislation which was adopted in 1995 and is superseded by the GDPR. As a large number of solutions and approaches already exist that address compliance with the DPD, it would be beneficial to look into reusing these existing solutions for GDPR. To that end, we provide a mapping from DPD obligations to GDPR obligations containing annotations that describe the nature of change between the two. The annotation also describes changes required in our previous work in using XACML rules to model DPD obligations [1][2].

The annotations are available online on the OpenScience website in the form of a HTML table as well as a CSV file and a RDF dataset. Each row (HTML table, CSV) has 5 columns that contain a reference from a point in DPD to its corresponding point in the GDPR, the nature of change between the two, whether the corresponding XACML rule needs to be extended, and a description comment. The nature of change is represented as one of the following - same, reduced, slightly changed, completely changed, and extended. For XACML rules, the notation N/A is used in the case where there were no XACML rules for DPD but the corresponding point in GDPR has changed. The value No is used where there is no change in the GDPR obligation or the existing XACML rule is sufficient to handle the change, whereas Yes is used to indicate a change required in the XACML rule to handle the obligation.


@prefix gdpr: https://w3id.org/GDPRtEXT/gdpr# .
@prefix dpd: https://w3id.org/GDPRtEXT/dpd# .
@prefix rdfs: http://www.w3.org/2000/01/rdf-schema# .

dpd:mappingrule6
    a dpd:DPDToGDPR_Annotation ;
    dpd:hasChange dpd:ChangeExtended ;
    dpd:hasXACMLChange dpd:XACMLNoChange ;
    dpd:resourceInDPD dpd:Article7 - a ;
    dpd:resourceInGDPR gdpr:Article6-1-a ;
    rdfs:comment "added consent given to ..." .

To model the annotations as a RDF resource using GDPRtEXT, we created a linked data version of the DPD which assigned URIs for every resource in the legislation similar to the GDPR linked data resource. The annotations are represented as instances of the class DPDToGDPRAnnotation. The property resourceInDPD is used to refer to the particular resource within DPD through its URI. Similarly, the property resourceInGDPR is used to refer to the corresponding resource in GDPR. The nature of change is defined using the property hasChange whose value is an instances of the class ChangeInObligation, with defined instances for Extended, Same, Reduced, CompletelyChanged, and SlightlyChanged. Similarly, the change in the XACML rules is defined as a property whose values are one of Yes, No, and N/A defined as instances of the class ChangeInXACMLRule. Comments are defined using the rdfs:comment property.

Cross reference for GDPR text EXTensions classes, properties and dataproperties back to ToC

This section provides details for each class and property defined by GDPR text EXTensions.

Classes

Accuracy is contestedc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#AccuracyIsContested

The data subject can exercise the right to restrict processing of their personal data when the accuracy of personal data is contested
has super-classes
Right to restrict processing c

Accurate Collectionc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#AccurateCollection

This obligation specifies that the collection of (or collected) personal data should in an accurate form - i.e. the personal data should be accurate.
has super-classes
Obligation for data collection c

Activityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Activity

An Activity signifies some process(es) or step(s) towards specific deed(s), action(s), function(s), or sphere(s) of action.
has super-classes
concept c
has sub-classes
Appointment of Processors c, Consent Activity c, Data Activity c, Demonstrating Consent c, Exercise Rights c, Identification of Data Subject c, Impact Assessment c, Marketing c, Monitor Compliance c, Processing c, Propogate rights to Third Parties c, Report Data Breach c, Security of Personal Data c, Systematic Monitoring c

Adequate for processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#AdequateForProcessing

Only the personal data adequat for required processing should be maintained
has super-classes
Data Retention c

Adherencec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#AdherenceToSealCertification

The seal or certification does not reduce or impact the responsiblity of the controller or processor for compliance with the GDPR
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article42-4
https://w3id.org/GDPRtEXT/gdpr#article42-6
has super-classes
Awarding Seals and Certifications c

Agreement between Processor and Controllerc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ProcessorControllerAgreement

Signifies the agreement between Controller and Processors for processing of personal data
has super-classes
concept c

Anonymous Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#AnonymousData

Data is termed to be anonymous if it cannot be connected or associated with individual person or persons that have provided or are associated with it.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital26
has super-classes
Data c

Appointing Sub-Processorsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#AppointingSubProcessors

These are the obligations for Processors over appointing sub-processors
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article28-2
https://w3id.org/GDPRtEXT/gdpr#article28-4
has super-classes
Processor Obligations c
has sub-classes
Follow same terms c, Written consent of Controller c

Appointment of Processorsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#AppointmentOfProcessors

These are the obligations specified by the GDPR for the appointment of Processors by Controllers.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article28-1
https://w3id.org/GDPRtEXT/gdpr#article28-2
https://w3id.org/GDPRtEXT/gdpr#article28-3
https://w3id.org/GDPRtEXT/gdpr#recital81
has super-classes
Activity c, Controller Obligation c

Archive Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ArchiveData

An activity where personal data is archived
has super-classes
Data Activity c

Articlec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Article

Article in GDPR text
Is defined by
http://eur_lex.europa.eu/legal_content/EN/ALL/?uri=CELEX:32016R0679
Example
gdpr:article10 a eli:LegalResourceSubdivision,
        GDPRtEXT:Article ;
    eli:is_part_of gdpr:GDPR,
        gdpr:chapterII ;
    eli:number "10"^^xsd:string ;
    eli:title_alternative "Article 10"^^xsd:string ;
    GDPRtEXT:hasPoint gdpr:article10-1 ;
    GDPRtEXT:isPartOfChapter gdpr:chapterII .
has super-classes
legal resource subdivision c
is in range of
has Article op, is part of Article op

Assist in complying with rightsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#AssistInComplyingWithRights

Processors must assist Controllers in complying with the various rights provided by the GDPR to data subjects which can be exercised at any time.
has super-classes
Processor Obligations c

Automated Processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#AutomatedProcessing

This is automated processing of data subject's personal data.
has super-classes
Processing c
has sub-classes
Automatic decision making with significant effect c

Automatic decision making with significant effectc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#AutomatedDecisionMakingWithSignificantEffect

This type of processing involves automated processing that does decision making having significant effects on the data subject.
has super-classes
Automated Processing c, Factors for Impact Assessment c

Awarding Seals and Certificationsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ConditionsForSealsAndCertifications

GDPR mentions some conditions or criterion for the creation and issuing of seals and certifications pertaining to GDPR compliance
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article42
https://w3id.org/GDPRtEXT/gdpr#article43
has super-classes
Seals and Certifications c
has sub-classes
Adherence c, Maximum validty 3 years c, Voluntary accredition c

Can be withdrawn easilyc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#CanBeWithdrawnEasilyConsentObligation

This obligation states that the data subject should be able to withdraw the consent as easily as it was to give it.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article7-3
https://w3id.org/GDPRtEXT/gdpr#recital42
https://w3id.org/GDPRtEXT/gdpr#recital65
has super-classes
Obligation for obtaining consent c

Categories of data subjects and personal datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RecordCategoriesOfDataSubjectsAndPersonalData

This obligation requires Controllers to record the categories of data subjects and the personal data involved in processing/activities.
has super-classes
Maintain records for processing c

Certificationc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Certification

A certification pertaining to GDPR compliance
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital77
https://w3id.org/GDPRtEXT/gdpr#recital81
has super-classes
Seals and Certifications c

Certification Bodyc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#CertificationBody

A Certification Body is an entity that can award/issue/renew a certification pertaining to compliance towards the GDPR.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article43
has super-classes
Entity c

Chapterc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Chapter

Chapter in GDPR text
Is defined by
http://eur_lex.europa.eu/legal_content/EN/ALL/?uri=CELEX:32016R0679
Example
gdpr:chapterI a eli:LegalResourceSubdivision,
        GDPRtEXT:Chapter ;
    eli:is_part_of gdpr:GDPR ;
    eli:number "I"^^xsd:string ;
    eli:title "General provisions"^^xsd:string ;
    eli:title_alternative "Chapter I"^^xsd:string ;
    GDPRtEXT:hasArticle gdpr:article1,
        gdpr:article2,
        gdpr:article3,
        gdpr:article4 .
has super-classes
legal resource subdivision c
is in range of
has Chapter op, is part of Chapter op

Citationc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Citation

Citation in GDPR text
Is defined by
http://eur_lex.europa.eu/legal_content/EN/ALL/?uri=CELEX:32016R0679
Example
gdpr:citation1 a eli:LegalResourceSubdivision,
        GDPRtEXT:Citation ;
    eli:description "OJ C 229, 31.7.2012, p. 90."^^xsd:string ;
    eli:is_part_of gdpr:GDPR ;
    eli:number "1"^^xsd:string .
has super-classes
legal resource subdivision c
is in range of
has Citation op

Clear explanationc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ClearExplanationOfProcessingConsentObligation

Obtaining consent must provide clear explanations of the processing involved over the personal data
has super-classes
Obligation for obtaining consent c

Co-operate with DPAc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#CooperateWithDPA

This obligation specifies the Controller/Processor must co-operate with the Data Protection Authority (DPA).
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article31
https://w3id.org/GDPRtEXT/gdpr#recital82
has super-classes
Controller Obligation c, Processor Obligations c

Code of Conductc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#CodeOfConduct

A Code of Conduct for the purpose of specifying the application of GDPR which may be monitored, evaluated, or processed by a third party appointed by the organisation.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article40-2
https://w3id.org/GDPRtEXT/gdpr#recital77
https://w3id.org/GDPRtEXT/gdpr#recital81
https://w3id.org/GDPRtEXT/gdpr#recital98
https://w3id.org/GDPRtEXT/gdpr#recital99
has super-classes
concept c

Collection Mechanismc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#CollectionMechanism

Specifies collection mechanism used to collect personal data
has super-classes
Collection of Personal Data c

Collection of Personal Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#CollectionOfPersonalData

Collection of Personal Data is an Activity that deals with acquiring data subject's personal data through some model of interaction.
has super-classes
Data Activity c
has sub-classes
Collection Mechanism c

Compliancec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Compliance

Represents the act of complying with the obligations and actions specified by the GDPR.
has super-classes
concept c
has sub-classes
Demonstrating Consent c, Monitor Compliance c, Report Data Breach c

Compliance with Controller's instructionsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ComplianceWithControllersInstructions

The processor has an obligation to comply with the controller's instructions
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article29
has super-classes
Processor Obligations c

Concisec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InformationShouldBeConcise

The information provided under the right to transparency should be concise
has super-classes
Right to Transparency c

Confirming or matching datasetsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ConfirmingOrMatchingDatasets

This type of processing involves matching data subject's identity or personal data in different datasets.
has super-classes
Factors for Impact Assessment c, Processing c

Consent Activityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ConsentActivity

An activity involving data subject's consent.
has super-classes
Activity c
has sub-classes
Obtaining Consent from Data Subject c, Withdrawing Given Consent c

Consequences for data subjectsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#PossibleConsequenceForDataSubject

The possible consequences of the change in processing for the data subject
has super-classes
Purpose of new processing c

Context of data collectionc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ContextOfDataCollection

The purpose of new processing should take the context of how the original data was collected into consideration
has super-classes
Purpose of new processing c

Contract with Data Subjectc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ContractWithDataSubject

The lawful basis for processing personal data is provided through a contract with the data subject.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article6-1-b
https://w3id.org/GDPRtEXT/gdpr#recital44
has super-classes
Lawful Basis c

Controllerc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Controller

The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article28-10
https://w3id.org/GDPRtEXT/gdpr#article4-7
https://w3id.org/GDPRtEXT/gdpr#article6-5
has super-classes
Entity c
has sub-classes
Joint Controller c

Controller Accountabilityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ControllerAccountability

These obligations specify the accountability of the Controller.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article5-2
https://w3id.org/GDPRtEXT/gdpr#recital85
has super-classes
Controller Obligation c

Controller has taken actionc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ControllerHasTakenAction

The data subjects were not notified about the data breach because the controller had already taken action regarding the data breach.
has super-classes
Exceptions on reporting data breach c

Controller Obligationc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ControllerObligation

These are the obligations specified by the GDPR as being specifically the responsbility of the Controller.
has super-classes
Obligation c
has sub-classes
Appointment of Processors c, Co-operate with DPA c, Controller Accountability c, Controller Responsibility c, Data Security c, Data protection by design and default c, Liability of Joint-Controllers c, Maintain records for processing c, Privacy by Design c, Propogate rights to Third Parties c, Report Data Breach c

Controller Representativec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ControllerRepresentative

A natural or legal person established in the Union who, designated by the controllerin writing, represents the controller with regard to their respective obligations under the GDPR.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article27
https://w3id.org/GDPRtEXT/gdpr#article4-17
https://w3id.org/GDPRtEXT/gdpr#recital80
has super-classes
Entity c

Controller Responsibilityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ControllerResponsibility

These obligations specify the responsiblity of the Controller
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article24
https://w3id.org/GDPRtEXT/gdpr#recital74
has super-classes
Controller Obligation c
has sub-classes
Implement technical measures c

Copy should be in a commonly used formatc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ShouldBeCommonlyUsedFormat

The provided copy of personal data should be in a commonly used format
has super-classes
Provide copy of Personal Data c

Copy should be in a machine readable formatc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ShouldBeMachineReadable

The provided copy of personal data should be machine readable
has super-classes
Provide copy of Personal Data c

Covered by Directive (EU) 2016/680c back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#R19

Exempted as it involves areas covered by Directive (EU) 2016/680
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital19
has super-classes
Exlcusions and Exceptions c

Cross-border Transferc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#CrossBorderTransfer

Cross-border data transfer refers to data transfer crossing the boundaries of EU (legislative) region.
has super-classes
Data Activity c, Factors for Impact Assessment c

Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Data

A generic term to refer to Data.
has super-classes
concept c
has sub-classes
Anonymous Data c, Personal Data c, Pseudo-anonymous data c

Data Activityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#DataActivity

An activity involving personal data of data subject(s).
has super-classes
Activity c
has sub-classes
Archive Data c, Collection of Personal Data c, Cross-border Transfer c, Erase Data c, Provide copy of Personal Data c, Rectify Data c, Share Personal Data with Third Party c, Store Data c, Use Data c

Data Breachc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#DataBreach

A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article4-12
has super-classes
concept c

Data inferred or derivedc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#DataWasInferredOrDerived

The obligation or activity coult not be completed because the data was inferred or derived, and therefore did not come from the data subject or other sources.
has super-classes
Exlcusions and Exceptions c

Data no longer needed for original purposec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#DataNoLongerNeededForOriginalPurpose

The data subject can exercise the right to restrict processing of their personal data when the personal data is no longer required for the original purpose it was collected under
has super-classes
Right to restrict processing c

Data protection by design and defaultc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#DataProtectionByDesignAndByDefault

This obligation requires Controllers to follow data protection by design and by default.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article25
https://w3id.org/GDPRtEXT/gdpr#recital78
has super-classes
Controller Obligation c

Data Retentionc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RetentionOfPersonalData

These are the obligations specified by the GDPR on the retention of personal data
has super-classes
Obligation c
has sub-classes
Adequate for processing c, Identifiable for required processing c, Kept up to date c, Limited for processing c, Rectify Inaccuracies c, Relevant for processing c

Data Securityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#DataSecurity

These are obligations regarding security of data managed by the Controllers.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article28-1
https://w3id.org/GDPRtEXT/gdpr#article28-3-e
https://w3id.org/GDPRtEXT/gdpr#article28-4
https://w3id.org/GDPRtEXT/gdpr#article32
https://w3id.org/GDPRtEXT/gdpr#recital83
has super-classes
Controller Obligation c, Processor Obligations c

Data Subjectc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#DataSubject

An individual or entity to whom their personal data relates.
has super-classes
Entity c

Data Subject's Rightsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Rights

The GDPR provides several rights to the data subjects which may be exercised at any time by the data subject and which are mandatory for the organisation to provide, comply with, and inform the data subject about.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article12-2
https://w3id.org/GDPRtEXT/gdpr#recital59
has super-classes
concept c
has sub-classes
Right of Data Portability c, Right of Erasure c, Right to Access Personal Data c, Right to Transparency c, Right to basic information about processing of personal data c, Right to not be evaluated through automated processing c, Right to object direct marketting c, Right to object processing c, Right to rectify c, Right to restrict processing c

Demonstrablec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ShouldBeDemonstrable

Obtained consent should be in a demonstrable form
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article7-1
https://w3id.org/GDPRtEXT/gdpr#recital42
has super-classes
Obligation for obtaining consent c

Demonstrating Consentc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#DemonstratingConsent

The act of demonstrating consent is an activity whereby previously acquired consent is provided as sufficient justification for processing activities involving data subject's personal information.
has super-classes
Activity c, Compliance c

Direct Marketingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#DirectMarketing

Type of Marketing that reaches data subjects directly by communications directly addressed to the data subject.
has super-classes
Marketing c

Distinguishable from other mattersc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ShouldBeDistinguishableFromOtherMatters

Obtained consent should be distinguishable from other related matters (in the context of the process)
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article7-2
has super-classes
Obligation for obtaining consent c

DPAc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#DPA

The Data Protection Authority (DPA) is a public institution responsible for monitoring the application of data protection laws.
has super-classes
Entity c

DPOc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#DPO

The Data Protection Officer (DPO) is an individual(s) appointed by the organisation to monitor compliance and assist in complying with the GDPR.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article38-6
https://w3id.org/GDPRtEXT/gdpr#article39
has super-classes
Entity c

DPO Obligationc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#DPOObligation

These are the obligations specified for the Data Protection Office (DPO) within the GDPR
has super-classes
Obligation c
has sub-classes
Monitor Compliance c

Easily Accessiblec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InformationShouldBeEasilyAccessible

The information provided under the right to transparency should be easily accessible
has super-classes
Right to Transparency c

Employment Lawc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#EmploymentLaw

Lawful basis for processing is provided by Employment Law
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article9-2-b
has super-classes
Lawful Basis c

Entityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Entity

A general term for any institution, company, corporation, partnership, government agency, university, or any other organization including individuals.
has super-classes
concept c
has sub-classes
Certification Body c, Controller c, Controller Representative c, DPA c, DPO c, Data Subject c, Processor c, Processor Representative c, Regulatory Authority c

Erase Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#EraseData

An activity that erases data
has super-classes
Data Activity c

Erase if conesnt was withdrawnc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#EraseWhenConsentWasWithdrawn

The right of erasure applies when the data subject withdraws given consent
has super-classes
Right of Erasure c

Erase if no longer needed for original purposec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#EraseWhenDataIsNoLongerNeededForOriginalPurpose

The right to erasure applies where data is no longer needed for original purposes for which it was collected
has super-classes
Right of Erasure c

Evaluation of data subjectsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#EvaluationOfDataSubject

Whether the proposed activity involves the evaluation of the data subject.
has super-classes
Factors for Impact Assessment c

Exceptions on reporting data breachc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ExceptionsOnReportingDataSubjectsOfBreach

Exceptions associated with compliance for reporting data breach to the affected data subjects.
has super-classes
Exlcusions and Exceptions c
has sub-classes
Controller has taken action c, Harm was remote c, Notification requires disproportionate efforts c

Exempted by National Lawc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ExemptedByNationalLaw

Lawful basis for processing is provided by National Law
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article9-4
has super-classes
Lawful Basis c

Exempted without identityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ExemptedWithoutProofOfDataSubjectIdentity

The request or activity could not or was not completed because there was no sufficient proof of the data subject's identity.
has super-classes
Exlcusions and Exceptions c

Exercise Rightsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ExerciseRights

The activity represents exercising of rights provided by GDPR by the data subject.
has super-classes
Activity c

Existence of safeguardsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ExistenceOfSafeguards

The purpose of new processing should take into context the existence of appropriate safeguards
has super-classes
Purpose of new processing c

Exlcusions and Exceptionsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ExclusionException

Exclusions and Exemptions provided by the GDPR for not complying with the specified obligations.
has super-classes
concept c
has sub-classes
Covered by Directive (EU) 2016/680 c, Data inferred or derived c, Exceptions on reporting data breach c, Exempted without identity c, Freedoms protection c, Is impossible c, National Security c, Outside Material Scope c, Personal or Household activity c, Regulation (EC) No 45/2001 c, Requires disproportionate efforts c, Rights protection c

Explicit Purposec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ExplicitPurpose

This obligation specifies that the collected (or collection) of personal data should be for/with explicit purposes.
has super-classes
Obligation for data collection c

Follow same termsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#SubProcessorMustFollowSameTermsAsProcessorControllerAgreement

Sub-processors must follow the same rules and obligations (or terms) as the agreement between processor and controller.
has super-classes
Appointing Sub-Processors c

Freedoms protectionc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RightsProtection

The stated obligation could not be completed as it concerns freedoms protection.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital16
has super-classes
Exlcusions and Exceptions c

Freely givenc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#FreelyGivenConsentObligation

GDPR obligation that specifies consent must be freely given by the data subject for it to be valid.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article7-4
https://w3id.org/GDPRtEXT/gdpr#recital32
has super-classes
Valid Consent c

Genetic Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#GeneticData

Personal data relating to the inherited or acquired genetic characteristics of a natural person which result from the analysis of a biological sample from the natural person in question, in particular chromosomal, deoxyribonucleic acid (DNA) or ribonucleic acid (RNA) analysis, or from the analysis of another element enabling equivalent information to be obtained.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital34
has super-classes
Sensitive Personal Data c

Given Consentc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#GivenConsent

Given Consent refers specifically to the form of consent given by the data subject in relation to their personal data and the proposed usage by activities.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article6-1-a
https://w3id.org/GDPRtEXT/gdpr#article9-2-a
https://w3id.org/GDPRtEXT/gdpr#recital32
https://w3id.org/GDPRtEXT/gdpr#recital42
https://w3id.org/GDPRtEXT/gdpr#recital43
has super-classes
Consent c, Lawful Basis c
has sub-classes
Valid Consent c

Harm was remotec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#HarmWasRemote

The data subjects were not notified about the data breach because the harm was deemed to be remote.
has super-classes
Exceptions on reporting data breach c

Health datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#HealthData

Personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article4-15
https://w3id.org/GDPRtEXT/gdpr#recital35
https://w3id.org/GDPRtEXT/gdpr#recital53
https://w3id.org/GDPRtEXT/gdpr#recital54
has super-classes
Sensitive Personal Data c

Historic, Statistical, or Scientific purposesc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#HistoricStatisticScientificPurposes

Lawful basis if provided by the GDPR for processing related to historic, statistical, or scientific purposes.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article21-6
https://w3id.org/GDPRtEXT/gdpr#article83-1
https://w3id.org/GDPRtEXT/gdpr#article9-2-j
https://w3id.org/GDPRtEXT/gdpr#recital156
has super-classes
Lawful Basis c

Identifiable for required processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#IdentifiableForRequiredProcessing

Retention of personal data should be identifiable for the requried processing
has super-classes
Data Retention c

Identification of Data Subjectc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#IdentificationOfDataSubject

Activity where the data subject is explicitly identified through direct or indirect means.
has super-classes
Activity c

If and where Controller is processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#IfAndWhereControllerIsProcessingData

The right to access personal data also includes information about whether and where the controller is processing the data subject's personal data
has super-classes
Right to Access Personal Data c

Impact Assessmentc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ImpactAssessment

The activity wherein the controller carries out an assessment of the impact of the envisaged processing operations on the protection of personal data.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital90
has super-classes
Activity c

Implement technical measuresc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ImplementTechnicalMeasuresForCompliance

This obligation requires Controllers to implement the required technical measures necessary for compliance of the GDPR
has super-classes
Controller Responsibility c

Impose confidentiality obligations on personnelc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ImposeConfidentialityObligationOnPersonnel

The processor must impose confidentiality agreements on its personnel in relation to handling of personal data
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article28-3-b
https://w3id.org/GDPRtEXT/gdpr#article29
has super-classes
Processor Obligations c

Inform Controller of conflict with lawc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InformControllerOfConflictWithLaw

In case of conflict with the controller's intructions and the law, the processor must immediately inform the controller of this conflict
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article28-3-4
has super-classes
Processor Obligations c

Information about automated processing with significant effectsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InfoAboutAutomatedProcessingWithSignificantEffectsOnDataSubject

The right to access personal data also includes information about automated processing that has significant effects on the data subject.
has super-classes
Right to Access Personal Data c

Information about categories of data being processedc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InfoAboutCatgegoriesOfDataBeingProcessed

The right to access personal data also includes information about categories of data being processed
has super-classes
Right to Access Personal Data c

Information about categories of recipientsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InfoAboutCategoriesOfRecipientsDataSharedWith

The right to access personal data also includes information about the categories of recipients the data is shared with.
has super-classes
Right to Access Personal Data c

Information about data sourcec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InfoAboutSourceOfData

The right to access personal data also includes information about the source of the personal data
has super-classes
Right to Access Personal Data c

Information about processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InfoAboutProcessing

The right to access personal data also includes information about the processing of personal data of the data subject
has super-classes
Right to Access Personal Data c

Information about rightsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InfoAboutExistenceOfRights

The right to access personal data also includes information about the existence of rights provided by the GDPR to the data subject
has super-classes
Right to Access Personal Data c

Information about storage periodc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InfoAboutStoragePeriod

The right to access personal data also includes information about the storage period of the data subject's personal data
has super-classes
Right to Access Personal Data c

Information about third partiesc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InformationAboutThirdParties

The right to basic information also provides data subject's with information about third parties involved in the processing.
has super-classes
Right to basic information about processing of personal data c

Informedc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InformedConsentObligation

GDPR obligation that specifies consent must be informed for it be valid.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article4-11
https://w3id.org/GDPRtEXT/gdpr#article7-1
https://w3id.org/GDPRtEXT/gdpr#recital32
https://w3id.org/GDPRtEXT/gdpr#recital42
has super-classes
Valid Consent c

Intelligiblec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InformationShouldBeIntelligible

The information provided under the right to transparency should be intelligible
has super-classes
Right to Transparency c

Is impossiblec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#IsImpossible

The obligation or activity could not be completed as it was deemed to be impossible.
has super-classes
Exlcusions and Exceptions c

Joint Controllerc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#JointController

A joint controller is two or more controllers jointly determine the purposes and means of processing.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article26
https://w3id.org/GDPRtEXT/gdpr#article4-7
https://w3id.org/GDPRtEXT/gdpr#recital79
has super-classes
Controller c

Kept up to datec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#KeptUpToDate

Retained personal data must be kept up-to-date
has super-classes
Data Retention c

Large scale processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#LargeScaleProcessing

The processing of personal data at a large scale of quantity or significant proportions.
has super-classes
Factors for Impact Assessment c, Processing c

Legal Claimsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#LegalClaims

Lawful basis for processing is provided by legal claims.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article9-2-f
has super-classes
Lawful Basis c

Legal Obligationsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#LegalObligation

Lawful basis for processing is covered by legal obligation(s).
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article6-1-c
https://w3id.org/GDPRtEXT/gdpr#article6-3
https://w3id.org/GDPRtEXT/gdpr#recital45
has super-classes
Lawful Basis c

Legitimate Interestsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#LegitimateInterest

Lawful basis for processing is provided through the legitimate interests pursued by the Controller or by a third party
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article6-1-f
https://w3id.org/GDPRtEXT/gdpr#recital47
https://w3id.org/GDPRtEXT/gdpr#recital48
has super-classes
Lawful Basis c

Legitimate purposec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#LegitimatePurpose

This specifies that the collection (or collected) personal data should be used/specified to be used for legitimate purposes.
has super-classes
Obligation for data collection c

Liability of Joint-Controllersc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#LiabilityOfJointController

These specify the liability of Joint Controllers, i.e. cases where more than one Controller share the responsiblity.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article26-3
https://w3id.org/GDPRtEXT/gdpr#article82-3
https://w3id.org/GDPRtEXT/gdpr#article82-5
https://w3id.org/GDPRtEXT/gdpr#recital146
https://w3id.org/GDPRtEXT/gdpr#recital79
has super-classes
Controller Obligation c

Limited for processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#LimitedForProcessing

Personal data retained should be limited in its use only for the requried processing
has super-classes
Data Retention c

Lnk between new and old processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#LinkBetweenNewAndOldPurpose

Whether there is a link between the new and old purposes of processing
has super-classes
Purpose of new processing c

Made Publicc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#MadePublicByDataSubject

Lawful basis is provided through the data being publicly made available by the data subject
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article9-2-e
has super-classes
Lawful Basis c

Maintain Record of Breachc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#MaintainRecordOfBreach

GDPR mandates the recording of data breaches and its effects.
has super-classes
Report Data Breach c

Maintain records for processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#MaintainRecordsOfProcessingActivities

This obligation requires the Controller/Processor to maintain adequate records about their processing activities.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article30
https://w3id.org/GDPRtEXT/gdpr#article30-2
https://w3id.org/GDPRtEXT/gdpr#recital82
https://w3id.org/GDPRtEXT/gdpr#recital89
has super-classes
Controller Obligation c, Processor Obligations c
has sub-classes
Categories of data subjects and personal data c, Record categories of recipients c, Record cross-border transfers c, Record data retention periods c, Record purpose of processing c, Record security measures c

Marketingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Marketing

The process or technique of promoting, selling, and distributing a product or service.
has super-classes
Activity c
has sub-classes
Direct Marketing c

Maximum validty 3 yearsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#MaximumValidity3Years

The maximum validity for all seals and certifications should be 3 years from the date of issue.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article42-7
has super-classes
Awarding Seals and Certifications c

Medical or Diagnosticsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#MedicalDiagnosisTreatment

Lawful basis for processing is provided by the GDPR for medical or diagnostics purposes pertaining to the data subject
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article9-2-3
https://w3id.org/GDPRtEXT/gdpr#article9-3
has super-classes
Lawful Basis c

Monitor Compliancec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#MonitorCompliance

The activity or process of overseeing an organisation's compliance.
has super-classes
Activity c, Compliance c, DPO Obligation c

National Securityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#NationalSecurity

The stated obligation could not be completed as it concerns national security.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital16
has super-classes
Exlcusions and Exceptions c

Nature of data involvedc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#NatureOfPersonalData

The nature of the personal data involved, whether it is sensitive or confidential.
has super-classes
Purpose of new processing c

No charges leviedc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#NoChargeLeviedForRightToAccess

The right to access personal data should not incur any undue charge levied on the data subject for exercising their right
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article12-5
https://w3id.org/GDPRtEXT/gdpr#article15-3
https://w3id.org/GDPRtEXT/gdpr#article15-4
https://w3id.org/GDPRtEXT/gdpr#recital59
has super-classes
Right to Access Personal Data c

Not from silence or inactivityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#NotFromSilenceOrInactivityConsentObligation

Consent should not be obtained from silence or inactivity of the data subject
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital32
has super-classes
Obligation for obtaining consent c

Not further processedc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#NotFurtherProcessedThanOriginalPurpose

This obligation specifies that the collected personal data should not be processed beyond the purpose for which it was originally collected without an updated consent for the proposed purposes.
has super-classes
Obligation for data collection c

Not-for-profit organisationc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#NotForProfitOrg

Lawful basis is provided by the GDPR for activities of/for not-for-profit organisations
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article9-2-d
has super-classes
Lawful Basis c

Notification requires disproportionate effortsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#NotificationRequiresDisproportionateEfforts

The data subjects were not notified about the data breach because it required disproportionate efforts.
has super-classes
Exceptions on reporting data breach c, Requires disproportionate efforts c

Notify about DPOc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#NotifyDataSubjectAboutDPOForDataBreach

Affected data subjects must be notified with the name and contact of the DPO responsible/handling for the data breach.
has super-classes
Notify Data Subject of Breach c

Notify consequences of breachc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#NotifyDataSubjectAboutConsequencesOfDataBreach

Affected data subject's must be notified about the consequences of the data breach.
has super-classes
Notify Data Subject of Breach c

Notify Data Subject of Breachc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#NotifyDataSubjectOfBreach

Affected data subjects must be notified of the data breach and its effects.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article34
https://w3id.org/GDPRtEXT/gdpr#recital73
https://w3id.org/GDPRtEXT/gdpr#recital86
https://w3id.org/GDPRtEXT/gdpr#recital87
https://w3id.org/GDPRtEXT/gdpr#recital88
has super-classes
Report Data Breach c
has sub-classes
Notify about DPO c, Notify consequences of breach c, Notify measures taken c

Notify measures takenc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#NotifyDataSubjectOfMeasuresTakenForDataBreach

Affect data subjets must be notified of the measures taken against the data breach.
has super-classes
Notify Data Subject of Breach c

Obligationc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Obligation

These are the obligations specified by the GDPR. Following the obligations is necessary for compliance.
has super-classes
concept c
has sub-classes
Controller Obligation c, DPO Obligation c, Data Retention c, Lawful Basis c, Obligation for data collection c, Obligation for obtaining consent c, Processor Obligations c, Security of Personal Data c

Obligation for data collectionc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ObligationForCollectionOfPersonalData

Collection of Personal Data is an Activity that deals with acquiring data subject's personal data through some model of interaction.
has super-classes
Obligation c
has sub-classes
Accurate Collection c, Explicit Purpose c, Legitimate purpose c, Not further processed c, Specified purpose c

Obligation for obtaining consentc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ObligationForObtainingConsent

These are the obligations specified by the GDPR for obtaining consent
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital32
has super-classes
Obligation c
has sub-classes
Can be withdrawn easily c, Clear explanation c, Demonstrable c, Distinguishable from other matters c, Not from silence or inactivity c, Valid Consent c

Obtaining Consent from Data Subjectc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ObtainingConsent

The act of getting a data subject's consent.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital32
has super-classes
Consent Activity c

Only act on Controller instructionsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#OnlyActOnDocumentedInstructionFromController

The processor must only act on the intructions provided and documented by the controller
has super-classes
Processor Obligations c

Outside Material Scopec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#OutsideMaterialScope

The activity was deemed to be outside the material scope of the GDPR.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article2-2
https://w3id.org/GDPRtEXT/gdpr#article2-3
has super-classes
Exlcusions and Exceptions c

Personal Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#PersonalData

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article4-1
https://w3id.org/GDPRtEXT/gdpr#recital26
has super-classes
Data c
has sub-classes
Sensitive Personal Data c

Personal or Household activityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#R18

Exempted as the GDPR does not apply to personal or household activity that does not have a professional or commercial activity associated with it.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital18
has super-classes
Exlcusions and Exceptions c

Pointc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Point

Point in GDPR text
Is defined by
http://eur_lex.europa.eu/legal_content/EN/ALL/?uri=CELEX:32016R0679
Example
gdpr:article27-2 a eli:LegalResourceSubdivision,
        GDPRtEXT:Point ;
    eli:description "The obligation laid down in paragraph 1 of this Article shall not apply to:"^^xsd:string ;
    eli:is_part_of gdpr:GDPR,
        gdpr:article27,
        gdpr:chapterIV,
        gdpr:chapterIV-1 ;
    eli:number "2"^^xsd:string ;
    eli:title_alternative "Article27(2)"^^xsd:string ;
    GDPRtEXT:hasSubPoint gdpr:article27-2-a,
        gdpr:article27-2-b ;
    GDPRtEXT:isPartOfArticle gdpr:article27 ;
    GDPRtEXT:isPartOfChapter gdpr:chapterIV ;
    GDPRtEXT:isPartOfSection gdpr:chapterIV-1 .
has super-classes
legal resource subdivision c
is in range of
has Point op, is part of Point op

Principlec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Principle

A Principle is a rule or standard defined by the GDPR which is essential to be followed for compliance
Is defined by
https://w3id.org/GDPRtEXT/gdpr#chapter2
has super-classes
concept c
has sub-classes
Principle of Accountability c, Principle of Accuracy c, Principle of Data Minimisation c, Principle of Integrity and Confidentiality c, Principle of Lawfulness, Fairness, and Transparency c, Principle of Purpose Limitation c, Principle of Storage Limitation c

Principle of Accountabilityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Accountability

The principle of accountability states that the controller shall be responsible for, and be able to demonstrate compliance with the processing of personal data as defined by the justifications permissible under the GDPR
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article5-2
https://w3id.org/GDPRtEXT/gdpr#recital85
has super-classes
Principle c

Principle of Accuracyc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Accuracy

The principle of accuracy states that personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article5-1-d
https://w3id.org/GDPRtEXT/gdpr#recital39
has super-classes
Principle c

Principle of Data Minimisationc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#DataMinimisation

The principle of data minimisation states that personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article5-1-c
https://w3id.org/GDPRtEXT/gdpr#recital39
has super-classes
Principle c

Principle of Integrity and Confidentialityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#IntegrityAndConfidentiality

The principle of integrity and confidentiality states that personal data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article24-1
https://w3id.org/GDPRtEXT/gdpr#article25-1
https://w3id.org/GDPRtEXT/gdpr#article25-2
https://w3id.org/GDPRtEXT/gdpr#article28
https://w3id.org/GDPRtEXT/gdpr#article32
https://w3id.org/GDPRtEXT/gdpr#article39
https://w3id.org/GDPRtEXT/gdpr#article5-1-f
https://w3id.org/GDPRtEXT/gdpr#recital156
https://w3id.org/GDPRtEXT/gdpr#recital29
https://w3id.org/GDPRtEXT/gdpr#recital71
has super-classes
Principle c

Principle of Lawfulness, Fairness, and Transparencyc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#LawfulnessFairnessAndTransparency

The principle of lawfulness, fairness, and transparency states that personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article5-1-a
https://w3id.org/GDPRtEXT/gdpr#recital39
has super-classes
Principle c

Principle of Purpose Limitationc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#PurposeLimitation

The principle of purpose limitation states that personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1) of the GDPR, not be considered to be incompatible with the initial purposes.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article5-1-b
https://w3id.org/GDPRtEXT/gdpr#recital50
has super-classes
Principle c

Principle of Storage Limitationc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#StorageLimitation

The principle of storage limitation states that personal data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article5-1-e
https://w3id.org/GDPRtEXT/gdpr#recital39
has super-classes
Principle c

Privacy by Designc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#PrivacyByDesign

Privacy by Design is the approach of taking privacy into consideration throughout the whole planning and execution processes.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article25
https://w3id.org/GDPRtEXT/gdpr#recital78
has super-classes
Controller Obligation c

Processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Processing

Processing here refers to an Activity that acts on the Data Subject's personal information.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article4-2
is equivalent to
Use Data c
has super-classes
Activity c
has sub-classes
Automated Processing c, Confirming or matching datasets c, Large scale processing c, Processing affected or vulnerable individuals c, Processing sensitive data c, Processing using untested technologies c, Unlawful Processing c

Processing affected or vulnerable individualsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ProcessingAffectedVulnerableIndividuals

This type of processing involves data subjects that are vulnerable, such as children, or people with disabilities.
has super-classes
Factors for Impact Assessment c, Processing c

Processing is unlawfulc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ProcessingIsUnlawful

The data subject can exercise the right to restrict processing of their personal data when the processing is unlawful
has super-classes
Right to restrict processing c

Processing sensitive datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ProcessingSensitiveData

This involves processing involving sensitive personal data.
has super-classes
Factors for Impact Assessment c, Processing c

Processing using untested technologiesc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ProcessingUsingUntestedTechnologies

This type of processing uses technologies that are new or have not yet been deemed to be fit or stable for usage.
has super-classes
Factors for Impact Assessment c, Processing c

Processorc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Processor

A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article4-8
has super-classes
Entity c
has sub-classes
Sub-Processor c

Processor Representativec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ProcessorRepresentative

A natural or legal person established in the Union who, designated by the processor in writing, represents the processor with regard to their respective obligations under the GDPR.
has super-classes
Entity c

Propogate rights to Third Partiesc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#PropogateRightsToThirdParties

To propogate a data subject's right once they have been exercised to other third parties that are involved through the data subject's personal data.
has super-classes
Activity c, Controller Obligation c, Processor Obligations c

Protection against accidental lossc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ProtectionAgainstAccidentalLoss

Protection of data subject's personal data against accidental loss.
has super-classes
Security of Personal Data c

Protection against damagec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ProtectionAgainstDamage

Protection of data subject's personal data against damage to the data.
has super-classes
Security of Personal Data c

Protection against destructionc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ProtectionAgainstDestruction

Protection of data subject's personal data against destruction of data.
has super-classes
Security of Personal Data c

Protection against unlawful processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ProtectionAgainstUnlawfulProcessing

Protection of data subject's personal data against unlawful processing of data.
has super-classes
Security of Personal Data c

Provide copy of Personal Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ProvideCopyOfPersonalData

The right of data portability requries providing a copy of the data subject's personal data
has super-classes
Data Activity c, Right of Data Portability c
has sub-classes
Copy should be in a commonly used format c, Copy should be in a machine readable format c, Shoud support reuse c, Should be structured c

Provide information for compliancec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ProvideControllerWithInfoForCompliance

The processor must provide the controller with the information necessary to demonstrate compliance
has super-classes
Processor Obligations c

Public Interestc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#PublicInterest

Lawful basis is provided by the GDPR as being in the interest of the public
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article6-1-e
https://w3id.org/GDPRtEXT/gdpr#article9-2-g
https://w3id.org/GDPRtEXT/gdpr#article9-2-i
https://w3id.org/GDPRtEXT/gdpr#recital45
has super-classes
Lawful Basis c

Purpose of new processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#PurposeOfNewProcessing

These are the obligations over determining the new or changed purposes of processing
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article6-4
https://w3id.org/GDPRtEXT/gdpr#recital50
has super-classes
Lawful Basis c
has sub-classes
Consequences for data subjects c, Context of data collection c, Existence of safeguards c, Lnk between new and old processing c, Nature of data involved c

Racial origin datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RacialData

Personal data revealing racial or ethnic origin.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital51
has super-classes
Sensitive Personal Data c

Record categories of recipientsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RecordCategoriesOfRecipientsWhereDataShared

This obligation requires Controllers to record the categories of recipients the personal data was shared with.
has super-classes
Maintain records for processing c

Record cross-border transfersc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RecordCrossBorderDataTransfer

This obligation requires Controllers to record the cross-border data transfers.
has super-classes
Maintain records for processing c

Record data retention periodsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RecordDataRetentionPeriod

This obligation requires Controllers to record the data retention period of personal data.
has super-classes
Maintain records for processing c

Record purpose of processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RecordPurposeOfProcessing

This obligation requires Controllers to record the purpose of processing associated with personal data and the given consent.
has super-classes
Maintain records for processing c

Record security measuresc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RecordSecurityMeasures

This obligation requires Controllers to record the measures taken to ensure adequate safety measures of personal data and the involved activities.
has super-classes
Maintain records for processing c

Rectify Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RectifyData

An activity that rectifies data
has super-classes
Data Activity c

Rectify Inaccuraciesc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RectifyInaccuracy

Any inaccuracies or discrepancies in the retained data must be rectified
has super-classes
Data Retention c

Regulationc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Recital

Regulation in GDPR text
Is defined by
http://eur_lex.europa.eu/legal_content/EN/ALL/?uri=CELEX:32016R0679
Example
gdpr:recital1 a eli:LegalResourceSubdivision,
        GDPRtEXT:Recital ;
    eli:description "The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union (the ‘Charter’) and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of personal data concerning him or her."^^xsd:string ;
    eli:is_part_of gdpr:GDPR ;
    eli:number "1"^^xsd:string .
has super-classes
legal resource subdivision c
is in range of
has Recital op

Regulation (EC) No 45/2001c back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#R17

Related to Regulation (EC) No. 45/2001
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital17
has super-classes
Exlcusions and Exceptions c

Regulatory Authorityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RegulatoryAuthority

The authority responsible for regulating data protection laws.
has super-classes
Entity c

Relevant for processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RelevantForProcessing

Any retained personal data must be relevant for subsiquent processing
has super-classes
Data Retention c

Report breach to DPA within 72 hoursc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ReportDataBreachToDPAWithin72Hours

The occurence of a data breach must be reported to the Data Protection Authority (DPA) within 72 hours
has super-classes
Report Data Breach c

Report Data Breachc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ReportDataBreach

The act of reporting a data breach to entities mentioned within the GDPR. These are the Data Protection Authority (DPA), and in the case of Processors, the Controller they have an agreement with.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article33
https://w3id.org/GDPRtEXT/gdpr#recital73
https://w3id.org/GDPRtEXT/gdpr#recital85
https://w3id.org/GDPRtEXT/gdpr#recital86
https://w3id.org/GDPRtEXT/gdpr#recital87
https://w3id.org/GDPRtEXT/gdpr#recital88
has super-classes
Activity c, Compliance c, Controller Obligation c
has sub-classes
Maintain Record of Breach c, Notify Data Subject of Breach c, Report breach to DPA within 72 hours c, Report data breach to Controller c

Report data breach to Controllerc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ReportDataBreachToController

The occurence of a data breach must be reported to the Controller.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article33-2
has super-classes
Processor Obligations c, Report Data Breach c

Requires disproportionate effortsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RequiresDisproportionateEfforts

The stated obligation or activity could not be completed as it requires disproportionate efforts to complete.
has super-classes
Exlcusions and Exceptions c
has sub-classes
Notification requires disproportionate efforts c

Restrictions on cross-border transfersc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RestrictionsOnCrossBorderTransfers

These provide restrictions on cross-border transfers for Processors
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article44
has super-classes
Processor Obligations c

Return or destroy datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ReturnOrDestroyPersonalDataAtEndTerm

The processor must return or destroy personal data at the end of term (of its agreement with the controller)
has super-classes
Processor Obligations c

Right of Data Portabilityc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RightOfDataPortability

The data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article20
https://w3id.org/GDPRtEXT/gdpr#recital68
https://w3id.org/GDPRtEXT/gdpr#recital73
has super-classes
Data Subject's Rights c
has sub-classes
Provide copy of Personal Data c

Right of Erasurec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RightOfErasure

The data subject has the right to obtain erasure of their personal data
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article17
https://w3id.org/GDPRtEXT/gdpr#recital65
https://w3id.org/GDPRtEXT/gdpr#recital66
https://w3id.org/GDPRtEXT/gdpr#recital68
has super-classes
Data Subject's Rights c
has sub-classes
Erase if conesnt was withdrawn c, Erase if no longer needed for original purpose c

Right to Access Personal Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RightToAccessPersonalData

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data along with additional information about it.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article15
https://w3id.org/GDPRtEXT/gdpr#recital63
has super-classes
Data Subject's Rights c
has sub-classes
If and where Controller is processing c, Information about automated processing with significant effects c, Information about categories of data being processed c, Information about categories of recipients c, Information about data source c, Information about processing c, Information about rights c, Information about storage period c, No charges levied c

Right to basic information about processing of personal datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RightToBasicInformationAboutProcessing

The right to basic information about processing provides data subjects with information about the processing activities involving their personal data
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article13
https://w3id.org/GDPRtEXT/gdpr#article14
https://w3id.org/GDPRtEXT/gdpr#recital58
https://w3id.org/GDPRtEXT/gdpr#recital60
has super-classes
Data Subject's Rights c
has sub-classes
Information about third parties c

Right to not be evaluated through automated processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RightToNotBeEvaluatedThroughAutomatedProcessing

The data subject has a right to not be evaluated through automated processing
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article22
https://w3id.org/GDPRtEXT/gdpr#recital71
https://w3id.org/GDPRtEXT/gdpr#recital75
has super-classes
Data Subject's Rights c

Right to object direct markettingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RightToObjectForDirectMarketting

The data subject has a right to object to direct marketting based on their personal data
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article21-2-3
https://w3id.org/GDPRtEXT/gdpr#recital70
has super-classes
Data Subject's Rights c

Right to object processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RightToObjectToProcessing

The data subject has the right to object to processing of their personal data
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article21
https://w3id.org/GDPRtEXT/gdpr#recital50
https://w3id.org/GDPRtEXT/gdpr#recital59
https://w3id.org/GDPRtEXT/gdpr#recital69
https://w3id.org/GDPRtEXT/gdpr#recital70
https://w3id.org/GDPRtEXT/gdpr#recital73
has super-classes
Data Subject's Rights c

Right to rectifyc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RightToRectification

The data subject has a right to recitify their personal data
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article16
https://w3id.org/GDPRtEXT/gdpr#article5-1-d
https://w3id.org/GDPRtEXT/gdpr#recital39
https://w3id.org/GDPRtEXT/gdpr#recital59
https://w3id.org/GDPRtEXT/gdpr#recital65
https://w3id.org/GDPRtEXT/gdpr#recital73
has super-classes
Data Subject's Rights c

Right to restrict processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RightToRestrictProcessing

The data subject has the rights to restrict the processing of their personal data
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article18
https://w3id.org/GDPRtEXT/gdpr#recital67
has super-classes
Data Subject's Rights c
has sub-classes
Accuracy is contested c, Data no longer needed for original purpose c, Processing is unlawful c

Right to Transparencyc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RightToTransparency

The right to transparency requires controllers to provide information about the processing activities as well as personal data and its usage in a transparent manner
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article12
https://w3id.org/GDPRtEXT/gdpr#article13
https://w3id.org/GDPRtEXT/gdpr#article14
https://w3id.org/GDPRtEXT/gdpr#article5-1-a
https://w3id.org/GDPRtEXT/gdpr#recital39
https://w3id.org/GDPRtEXT/gdpr#recital58
https://w3id.org/GDPRtEXT/gdpr#recital60
has super-classes
Data Subject's Rights c
has sub-classes
Concise c, Easily Accessible c, Intelligible c, Transparent c

Rights protectionc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#FreedomsProtection

The stated obligation could not be completed as it concerns rights protection.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital16
has super-classes
Exlcusions and Exceptions c

Sealc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Seal

A seal pertaining to GDPR compliance
Is defined by
https://w3id.org/GDPRtEXT/gdpr#recital77
https://w3id.org/GDPRtEXT/gdpr#recital81
has super-classes
Seals and Certifications c

Seals and Certificationsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#SealsAndCertification

GDPR provides for the creation and provision of seals and certificates pertaining to compliance or related activities
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article42
https://w3id.org/GDPRtEXT/gdpr#recital77
https://w3id.org/GDPRtEXT/gdpr#recital81
has super-classes
concept c
has sub-classes
Awarding Seals and Certifications c, Certification c, Seal c

Sectionc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#Section

Section in GDPR text
Is defined by
http://eur_lex.europa.eu/legal_content/EN/ALL/?uri=CELEX:32016R0679
Example
gdpr:chapterIV-5 a eli:LegalResourceSubdivision,
        GDPRtEXT:Section ;
    eli:is_part_of gdpr:GDPR,
        gdpr:chapterIV ;
    eli:number "5"^^xsd:string ;
    eli:title "Codes of conduct and certification"^^xsd:string ;
    eli:title_alternative "Section 5"^^xsd:string ;
    GDPRtEXT:hasArticle gdpr:article40,
        gdpr:article41,
        gdpr:article42,
        gdpr:article43 ;
    GDPRtEXT:isPartOfChapter gdpr:chapterIV .
has super-classes
legal resource subdivision c
is in range of
has Section op, is part of Section op

Security of Personal Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#SecurityOfPersonalData

This activity refers to security of data subject's personal data.
has super-classes
Activity c, Obligation c
has sub-classes
Protection against accidental loss c, Protection against damage c, Protection against destruction c, Protection against unlawful processing c

Sensitive Personal Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#SensitivePersonalData

Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article9-1
https://w3id.org/GDPRtEXT/gdpr#recital10
https://w3id.org/GDPRtEXT/gdpr#recital34
https://w3id.org/GDPRtEXT/gdpr#recital35
https://w3id.org/GDPRtEXT/gdpr#recital51
has super-classes
Personal Data c
has sub-classes
Crime data c, Genetic Data c, Health data c, Racial origin data c

Share Personal Data with Third Partyc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ShareDataWithThirdParty

This activity represents the sharing of data subject's personal data with a third party.
has super-classes
Data Activity c

Shoud support reusec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ShouldSupportReuse

The provided copy of personal data should support reuse
has super-classes
Provide copy of Personal Data c

Should be structuredc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ShouldBeStructured

The provided copy of personal data should be structured
has super-classes
Provide copy of Personal Data c

Specificc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#SpecificConsentObligation

GDPR obligation that specifies consent must be specific for it to be valid.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article6-1-a
https://w3id.org/GDPRtEXT/gdpr#recital32
has super-classes
Valid Consent c

Specified purposec back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#SpecifiedPurpose

This obligation states that the collection of personal data should happen only for the specified purposes (for which the data subject has consented).
has super-classes
Obligation for data collection c

Store Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#StoreData

An activity where personal data is being stored
has super-classes
Data Activity c

Sub-Processorc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#SubProcessor

A sub-processor is a processor acting under another processor.
has super-classes
Processor c

SubPointc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#SubPoint

SubPoint in GDPR text
Is defined by
http://eur_lex.europa.eu/legal_content/EN/ALL/?uri=CELEX:32016R0679
Example
gdpr:article12-5-b a eli:LegalResourceSubdivision,
        GDPRtEXT:SubPoint ;
    eli:description "refuse to act on the request."^^xsd:string ;
    eli:is_part_of gdpr:GDPR,
        gdpr:article12,
        gdpr:article12-5,
        gdpr:chapterIII,
        gdpr:chapterIII-1 ;
    eli:number "b"^^xsd:string ;
    eli:title_alternative "Article12(5)(b)"^^xsd:string ;
    GDPRtEXT:isPartOfArticle gdpr:article12 ;
    GDPRtEXT:isPartOfChapter gdpr:chapterIII ;
    GDPRtEXT:isPartOfPoint gdpr:article12-5 ;
    GDPRtEXT:isPartOfSection gdpr:chapterIII-1 .
has super-classes
legal resource subdivision c
is in range of
has SubPoint op

Systematic Monitoringc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#SystematicMonitoring

This activity provides a systematic monitoring or overview of processes/activities taking place within the context of the organisation.
has super-classes
Activity c, Factors for Impact Assessment c

Transparentc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#InformationShouldBeTransparent

The information provided under the right to transparency should be transparent and clear (i.e. not umambigious or vague)
has super-classes
Right to Transparency c

Unlawful Processingc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#UnlawfulProcessing

Processing of personal data that is termed to be unlawful in the context of the GDPR or other relevant laws and regulations
has super-classes
Processing c

Use Datac back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#UseData

An activity that uses personal data
has super-classes
Data Activity c

Valid Consentc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#ValidConsent

Consent is termed to be valid if it passes all the criteria or obligations laid down by the GDPR.
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article4-11
https://w3id.org/GDPRtEXT/gdpr#article6-1-a
https://w3id.org/GDPRtEXT/gdpr#article7
https://w3id.org/GDPRtEXT/gdpr#recital32
has super-classes
Given Consent c, Obligation for obtaining consent c
has sub-classes
Freely given c, Informed c, Specific c, Voluntary & Opt-in c

Vital Interestsc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#VitalInterest

These are obligations pertaining to the vital interests of the data subjects
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article6-1-d
https://w3id.org/GDPRtEXT/gdpr#article9-2-c
https://w3id.org/GDPRtEXT/gdpr#recital46
has super-classes
Lawful Basis c

Voluntary & Opt-inc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#VoluntaryOptInConsentObligation

Consent must be obtained through the data subject's voluntary action and should be opt-in and not opt-out or by default.
has super-classes
Valid Consent c

Voluntary accreditionc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#VoluntarySystemOfAccredition

The seals and certifications should be a voluntary system of accredition
Is defined by
https://w3id.org/GDPRtEXT/gdpr#article42-3
has super-classes
Awarding Seals and Certifications c

Withdrawing Given Consentc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#WithdrawingConsent

This activity represents the data subject withdrawing given consent.
has super-classes
Consent Activity c

Written consent of Controllerc back to ToC or Class ToC

IRI: https://w3id.org/GDPRtEXT#RequiresWrittenConsentOfControllerToAppointSubProcessor

Appointing a sub-processor requires the written consent of the controller specifying permission or consent
has super-classes
Appointing Sub-Processors c

Object Properties

has Articleop back to ToC or Object Property ToC

IRI: https://w3id.org/GDPRtEXT#hasArticle

indicates the legal resource has the Article

has characteristics: functional

has super-properties
has part op
has domain
legal resource subdivision c
has range
Article c

has Chapterop back to ToC or Object Property ToC

IRI: https://w3id.org/GDPRtEXT#hasChapter

indicates the legal resource has the Chapter

has characteristics: functional

has super-properties
has part op
has domain
legal resource c
has range
Chapter c

has Citationop back to ToC or Object Property ToC

IRI: https://w3id.org/GDPRtEXT#hasCitation

indicates that the legal resource has the referenced citation
has super-properties
has part op
has domain
legal resource subdivision c
has range
Citation c

has partop back to ToC or Object Property ToC

IRI: http://data.europa.eu/eli/ontology#has_part

has characteristics: transitive

has sub-properties
has Article op, has Chapter op, has Citation op, has Point op, has Recital op, has Section op, has SubPoint op

has Pointop back to ToC or Object Property ToC

IRI: https://w3id.org/GDPRtEXT#hasPoint

indicates the legal resource has the Point

has characteristics: functional

has super-properties
has part op
has domain
legal resource subdivision c
has range
Point c

has Recitalop back to ToC or Object Property ToC

IRI: https://w3id.org/GDPRtEXT#hasRecital

indicates the legal resource has the Recital

has characteristics: functional

has super-properties
has part op
has domain
legal resource subdivision c
has range
Regulation c

has Sectionop back to ToC or Object Property ToC

IRI: https://w3id.org/GDPRtEXT#hasSection

indicates the legal resource has the Section

has characteristics: functional

has super-properties
has part op
has domain
legal resource subdivision c
has range
Section c

has SubPointop back to ToC or Object Property ToC

IRI: https://w3id.org/GDPRtEXT#hasSubPoint

indicates the legal resource has the SubPoint

has characteristics: functional

has super-properties
has part op
has domain
legal resource subdivision c
has range
SubPoint c

is part ofop back to ToC or Object Property ToC

IRI: http://data.europa.eu/eli/ontology#is_part_of

has characteristics: transitive

has sub-properties
is part of Article op, is part of Chapter op, is part of Point op, is part of Section op

is part of Articleop back to ToC or Object Property ToC

IRI: https://w3id.org/GDPRtEXT#isPartOfArticle

represents a legal resource subdivision to be part of a article

has characteristics: functional

has super-properties
is part of op
has domain
legal resource subdivision c
has range
Article c

is part of Chapterop back to ToC or Object Property ToC

IRI: https://w3id.org/GDPRtEXT#isPartOfChapter

represents a legal resource subdivision to be part of a chapter

has characteristics: functional

has super-properties
is part of op
has domain
legal resource subdivision c
has range
Chapter c

is part of Pointop back to ToC or Object Property ToC

IRI: https://w3id.org/GDPRtEXT#isPartOfPoint

represents a legal resource subdivision to be part of a point

has characteristics: functional

has super-properties
is part of op
has domain
legal resource subdivision c
has range
Point c

is part of Sectionop back to ToC or Object Property ToC

IRI: https://w3id.org/GDPRtEXT#isPartOfSection

represents a legal resource subdivision to be part of a section

has characteristics: functional

has super-properties
is part of op
has domain
legal resource subdivision c
has range
Section c

Legend back to ToC

c: Classes
op: Object Properties
dp: Data Properties
ni: Named Individuals
null

Acknowledgements back to ToC

This work is supported by the ADAPT Centre for Digital Content Technology, which is funded under the SFI Research Centres Programme (Grant 13/RC/2106) and is co-funded under the European Regional Development Fund.

This documentation was produced using Widoco by Daniel Garijo based on LODE a Live OWL Documentation Environment by Silvio Peroni.