Towards a Semantic Model of the GDPR Register of Processing Activities
This work addresses GDPR compliance challenges for organizations and regulators by standardizing ROPA data, though it is incremental as it builds on existing vocabulary.
The paper tackled the problem of varying GDPR register of processing activities (ROPA) templates across EU jurisdictions by analyzing six templates and proposing a consolidated data model, and it extended the Data Privacy Vocabulary to fill gaps, enabling a pan-EU interoperability framework.
A core requirement for GDPR compliance is the maintenance of a register of processing activities (ROPA). Our analysis of six ROPA templates from EU data protection regulators shows the scope and granularity of a ROPA is subject to widely varying guidance in different jurisdictions. We present a consolidated data model based on common concepts and relationships across analysed templates. We then analyse the extent of using the Data Privacy Vocabulary - a vocabulary specification for GDPR. We show that the DPV currently does not provide sufficient concepts to represent the ROPA data model and propose an extension to fill this gap. This will enable creation of a pan-EU information management framework for interoperability between organisations and regulators for GDPR compliance.