A Semantic Specification for Data Protection Impact Assessments (DPIA)

Loading...
Thumbnail Image

Date

Journal Title

Journal ISSN

Volume Title

Publisher

Access

openAccess

Embargo end date

Citation

Harshvardhan J. Pandit, A Semantic Specification for Data Protection Impact Assessments (DPIA), International Conference on Semantic Systems (SEMANTiCS), Vienna, Austria, 13 SEP 2022, 2022

Abstract

The GDPR requires assessing and conducting a Data Protection Impact Assessment (DPIA) for processing of personal data that may result in high risk and impact to the data subjects. Documenting this process requires information about processing activities, entities and their roles, risks, mitigations and resulting im- pacts, and consultations. Impact assessments are complex activities where stake- holders face difficulties to identify relevant risks and mitigations, especially for emerging technologies and specific considerations in their use-cases, and to doc- ument outcomes in a consistent and reusable manner. We address this challenge by utilising linked-data to represent DPIA related information so that it can be better managed and shared in an interoperable manner. For this, we consulted the guidance documents produced by EU Data Protection Authorities (DPA) regarding DPIA and by ENISA regarding risk management. The outcome of our efforts is an extension to the Data Privacy Vocabulary (DPV) for documenting DPIAs and an ontology for risk management based on ISO 31000 family of standards. Our contri- butions fill an important gap within the state of the art, and paves the way for shared impact assessments with future regulations such as for AI and Cybersecurity.

Description

Endorsement

Review

Supplemented By

Referenced By

Sponsor: Irish Research Council (IRC)
Grant Number: GOIPD/2020/790

Sponsor: Science Foundation Ireland (SFI)
Grant Number: 13/RC/2106_P2

Other Titles: International Conference on Semantic Systems (SEMANTiCS)
Type of material: Conference Paper