Data Privacy Vocabulary

From Open Risk Manual


The Data Privacy Vocabulary is a collection of terms used in the data privacy context. It integrates (subsets of) terminology from a number of references.


Conceptually, the structure of the vocabulary aims to express concretely the real or legal persons involved, the purpose of the data processing and the type of data involved, the legal basis (including consent) that applies, and any technical or organisational measures that are being taken.

Data Privacy Vocabularies and Controls Community Group

The Data Privacy Vocabulary (DPV) provides terms (classes and properties) to describe and represent information related to the processing of personal data, based on established requirements such as those of the EU General Data Protection Regulation (GDPR).

The DPV is structured as a top-down hierarchical vocabulary with the core or base concepts of personal data categories, purposes of processing and types of processing, data controller(s) associated, recipients of personal data, legal bases or justifications used, technical and organisational measures and restrictions (e.g. storage locations and storage durations), applicable rights, and the risks involved.

Use case examples of the DPV include:

  • annotating privacy policies
  • documenting information for specific laws such as GDPR
  • producing transparent, machine-readable processing logs (for instance by mapping the DPV to existing database schemas and thereby generating/aggregating machine-readable transparency records directly from the logs).
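
The third use case, sketched as an added example (not code from the Open Risk Manual or the DPV group): rows of a hypothetical processing log are mapped to JSON-LD records using DPV properties, and records that lack one of the core concepts are flagged. The column names, sample rows, `ex:` namespace and the set of required properties are assumptions of this example; check the DPV term names against the DPV release you target.

```python
DPV = "https://w3id.org/dpv#"
EX = "https://example.org/"  # constructed namespace for local identifiers

# Assumed schema mapping: log column -> DPV property.
COLUMN_TO_PROPERTY = {
    "purpose": "dpv:hasPurpose",
    "operation": "dpv:hasProcessing",
    "data_field": "dpv:hasPersonalData",
    "legal_basis": "dpv:hasLegalBasis",
    "controller": "dpv:hasDataController",
    "recipient": "dpv:hasRecipient",
}
# Assumed value mapping: application code -> DPV concept.
VALUE_TO_TERM = {"marketing": "dpv:Marketing", "collect": "dpv:Collect",
                 "store": "dpv:Store", "consent": "dpv:Consent"}
# Completeness policy chosen for this example, not a rule stated by the DPV.
REQUIRED = ("dpv:hasPurpose", "dpv:hasProcessing", "dpv:hasPersonalData",
            "dpv:hasLegalBasis", "dpv:hasDataController")

# Constructed sample rows from a hypothetical processing_log table.
ROWS = [
    {"id": 1, "purpose": "marketing", "operation": "collect", "data_field": "email",
     "legal_basis": "consent", "controller": "acme", "recipient": "mailer"},
    {"id": 2, "purpose": "marketing", "operation": "store", "data_field": "email",
     "legal_basis": None, "controller": "acme"},
]

def to_record(row):
    """Turn one log row into a JSON-LD transparency record."""
    record = {"@context": {"dpv": DPV, "ex": EX},
              "@id": f"ex:log/{row['id']}",
              "@type": "dpv:PersonalDataHandling"}
    for column, prop in COLUMN_TO_PROPERTY.items():
        value = row.get(column)
        if value:
            # Codes with no mapped DPV concept stay local IRIs instead of being guessed.
            record[prop] = {"@id": VALUE_TO_TERM.get(value, f"ex:{column}/{value}")}
    return record

def audit(rows):
    """Return (records, gaps); gaps maps a record @id to its missing properties."""
    records = [to_record(r) for r in rows]
    missing = {r["@id"]: [p for p in REQUIRED if p not in r] for r in records}
    return records, {k: v for k, v in missing.items() if v}

if __name__ == "__main__":
    print("incomplete records:", audit(ROWS)[1])
```

Row 2 carries no legal basis, so it is the record reported as incomplete; the optional recipient is not part of the check.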

NB: The DPV is not a W3C Standard, nor is it on the W3C Standards Track.