Identification of Provenance Metadata and Formulating Compliance Queries based on GDPR-Readiness Guide provided by Ireland's Data Protection Commissioner
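
| ID | Category | Title | Comment | GDPR | Type | To Implement? | Data | Data Comment | Model based? | Model Comment | Instance based? | Instance Comment? | Automate? | Comment |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |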
| G1 | General | Categories of personal data and data subjects | List the categories of data subjects and personal data collected and retained e.g. current employee data; retired employee data; customer data (sales information); marketing database; CCTV footage. | | demonstrative | Y | personal data, data subjects | subclasses that have other subclasses can be considered as categories in this case | Y | this only needs information about the classes, not the instances | N | instances are difficult to aggregate into categories, and would need some abstract information to efficiently do so | Y | run this over the latest model as required |
| G2 | General | Elements of personal data included within each data category | List each type of personal data included within each category of personal data e.g. name, address, banking details, purchasing history, online browsing history, video and images. | | demonstrative | Y | personal data | subclasses that do not have other subclasses can be considered by types within categories | Y | this only needs information about the classes, not the instances | N | instances are difficult to aggregate into categories, and would need some abstract information to efficiently do so | Y | run this over the latest model as required |
| G3 | General | Source of the personal data | List the source(s) of the personal data e.g. collected directly from individuals; from third parties (if third party identify the data controller as this information will be necessary to meet obligations under Article 14). | | demonstrative | Y | personal data, steps that collect data, entities that provide data | | Y | there could be fixed models where data is collected directly from data subjects or some data provider which can be shown through the abstract model | Y | instances can show who the actual data providers are, if they can change with time. Ideally, the change should be reflected in the model | Y | run this over the latest model and over instances |
| G4 | General | Purposes for which personal data is processed | Within each category of personal data list the purposes for which the data is collected and retained e.g. marketing, service enhancement, research, product development, systems integrity, HR matters, advertising. | | demonstrative | Y | results of G1, processes acting on data | get all plans that contain steps that act on the data, then aggregate them based on categories | Y | run this over the model only as it enquires about the state of the system and not about a particular instance | N | this CAN be run on instances for data subject specific queries, but this is not what the original query meant | Y | run this over the latest model as required |
| G5 | General | Legal basis for each processing purpose (non-special categories of personal data) | For each purpose that personal data is processed, list the legal basis on which it is based e.g. consent, contract, legal obligation (Article 6). | | demonstrative | Y | results of G4, processes acting on data | get legal basis in steps within plans from G4 | Y | legal basis does not change in instances, so query this on models | N | this CAN be run on instances for data subject specific queries, but this is not what the original query meant | Y | run this over the latest model as required |
| G6 | General | Special categories of personal data | If special categories of personal data are collected and retained, set out details of the nature of the data e.g. health, genetic, biometric data. | | demonstrative | Y | special category personal data | subclasses under special category of personal data | Y | as with normal categories of data, this query only needs information about category, not specifics | N | instances are difficult to aggregate into categories, and would need some abstract information to efficiently do so | Y | run this over the latest model as required |
| G7 | General | Legal basis for processing special categories of personal data | List the legal basis on which special categories of personal data are collected and retained e.g. explicit consent, legislative basis (Article 9). | | demonstrative | Y | results of G6, steps that collect data, steps that store data | get all steps that collect or store special categories of data, then retrieve their legal basis | Y | same as G5, this is information about the abstract model | N | this CAN be run on instances for data subject specific queries, but this is not what the original query meant | Y | run this over the latest model as required |
| G8 | General | Retention period | For each category of personal data, list the period for which the data will be retained e.g. one month? one year? As a general rule data must be retained for no longer than is necessary for the purpose for which it was collected in the first place. | | | N | results of G1, steps that store data | this is interpretative based on how retention time is calculated; ideally, this will be a part of the consent or policy that feeds into the provenance graph | | | | | | |
| G9 | General | Action required to be GDPR compliant? | Identify actions that are required to ensure all personal data processing operations are GDPR compliant e.g. this may include deleting data where there is no further purpose for retention. | | | N | | this is very vague and does not depend on or directly involve provenance; unless a list of processes or plans can be linked to show 'actions' but these would still need to be combined with some form of documentation | | | | | | |
| P1 | PersonalData | Validity of Consent | Have you reviewed your organisation’s mechanisms for collecting consent to ensure that it is freely given, specific, informed and that it is a clear indication that an individual has chosen to agree to the processing of their data by way of statement or a clear affirmative action? | 7,8,9 | assistive | Y | consent, steps that acquire consent | This cannot be directly evaluated because of conditions such as freely given, specific, etc. which are qualitative. But, the information about how the consent was collected can be presented to make an informed decision. | Y | identify steps that collect consent along with static data content such as privacy policy and T&C that are used along with the form/mechanism used to collect consent. | N | This is assuming that the instances follow the abstract model. So the mechanism that they used to collect consent is the same as that referenced in the abstract model. Therefore, this is already considered to be evaluated under the abstract model. However, this CAN be used to retrieve and evaluate the consent mechanism for a particular data subject. | Y | run this over the latest model as required |
| P2 | PersonalData | Retrospective Consent | If personal data that you currently hold on the basis of consent does not meet the required standard under the GDPR, have you re-sought the individual’s consent to ensure compliance with the GDPR? | 7,8,9 | | N | | This is a very complex question that needs information about the current data, how it was collected, the consent that operates on it, etc. Therefore, this is not resolved currently. There MAY be provenance information that can be associated with this query, however, for this current level of work, it is out of scope. | | | | | | |
| P3 | PersonalData | Demonstration of Consent | Are procedures in place to demonstrate that an individual has consented to their data being processed? | 7,8,9 | evaluative | Y | consent | this is a relatively simple query that is based on demonstrating the consent covering the processing, or in more abstract terms, only demonstrate that consent exists | Y | identify steps that collect consent, and steps that archive or store consent. This is useful to demonstrate that the model system stores the consent, and where it was collected from. | Y | query the (latest) consent associated with a data subject | Y | run this query over the latest model or on the data graph, it requires no manual parameters |
| P4 | PersonalData | Withdraw consent for processing | Are procedures in place to allow an individual to withdraw their consent to the processing of their personal data? | 7,8,9 | evaluative | Y | steps that withdraw consent | this is demonstration of capability that allows consent to be withdrawn | Y | identify steps that withdraw consent | N | | Y | run this query over the latest model |
| P5 | PersonalData | Children's Personal Data | Where online services are provided to a child, are procedures in place to verify age and get consent of a parent/ legal guardian, where required? | 8 | evaluative | Y | steps that acquire consent, steps for age verification | this query can be resolved by showing that steps exist for age verification and acquiring legal/guardian consent | Y | identify steps that check for legal verification of age for children, and get parental/guardian consent. This is a bit out of the way, since the model itself does not contain any logic for age verification or acquisition of consent, but it exists to show how this can be done, or in the case of instances, whether it was done | N | this CAN be run on instances, basically checking whether the age is below legal age, and in that case, whether parental/guardian consent was obtained; but the point of the query is whether such procedures exist | Y | run this query over the latest model |
| P6 | PersonalData | Legitimate interest based data processing | If legitimate interest is a legal basis on which personal data is processed, has an appropriate analysis been carried out to ensure that the use of this legal basis is appropriate? That analysis must demonstrate that 1) there is a valid legitimate interest, 2) the data processing is strictly necessary in pursuit of the legitimate interest, and 3) the processing is not prejudicial to or overridden by the rights of the individual. | | assistive | Y | steps that process personal data | this is not a singular query, and should be split into several components as follows: firstly, the query that finds all steps using personal data, then, we need to find the legal basis of all such processes, filter it to those using legitimate interest as a legal basis, and present them for analysis. The latter part of the query, where it is to be analysed whether this 'legal basis' is correct, is a qualitative and legal matter that cannot be analysed programmatically. Therefore, this query serves to provide information required in making a manual and informed judgement of this. | Y | since this query analyses the legal justification of processing in the broad sense, it should be run on the abstract model of the system rather than on an instance | N | this CAN be run on instances, but in that case, it would be checking the legal basis on only that particular instance related to the data subject under consideration | Y | run this query over the latest model |
| R1 | Rights | Subject Access Requests (SARs) | Is there a documented policy/procedure for handling Subject Access Requests (SARs)? | 15 | assistive | Y | steps that handle SAR | though this does not directly relate to the provenance of consent or personal data, this can be resolved by demonstrating that there are steps for resolution of SAR | Y | since the query relates to the ability to handle requests, this should be done on the abstract model of the system | N | this CAN be queried over instances, in which case, the policy can check whether particular SARs were handled, and if so, then through what procedures | Y | run this query on the latest model |
| R2 | Rights | Subject Access Requests (SARs) Response Time | Is your organisation able to respond to SARs within one month? | 15 | assistive | N | steps that handle SAR | this cannot be decided programmatically except when someone explicitly states that time to handle is 1 month, in which case, the query would be checking only for the value. But this query can be used to check whether SARs were handled within the period of one month | N | | Y | check SARs if they were handled within the time period of one month. This would require storing timestamps that show when the SAR was made and when it was resolved or addressed by the system. The query would then calculate the interval between the two timestamps and check if it was less than 30 days (one month) | Y | if the query is only checking the interval between timestamps, then it can be automated; in fact, the automated version of the query can be used to flag SARs that have NOT been resolved within one month, or closer to that date so that they can be correctly addressed |
| R3 | Rights | Data Portability | Are procedures in place to provide individuals with their personal data in a structured, commonly used and machine readable format? | 20 | evaluative | Y | steps that address right to data portability | breaking down this query, it first checks whether there are procedures to address the right to data portability, and further to that, investigates whether that procedure can provide data in the required format; while the format itself cannot be assessed as to whether it suits the requirements specified, it can certainly be checked against a known set of acceptable formats | Y | since the query only addresses capability, it should be run on the abstract model of the system | N | this CAN be run over instances, in which case, it would act to check if a particular data format provided to the data subject is within the acceptable list of data formats | Y | run this query on the latest model |
| R4 | Rights | Deletion and Rectification | Are there controls and procedures in place to allow personal data to be deleted or rectified (where applicable)? | 16,17 | evaluative | Y | steps that address right to rectification | this query checks the capability of the system in deleting or rectifying data | Y | since the query only addresses capability, it should be run on the abstract model of the system | N | this CAN be run over instances, in which case, it would act to check if a particular data subject was provided the function to delete and rectify data, and whether that was performed correctly. | Y | run this query on the latest model |
| R5 | Rights | Right to restriction of processing | Are there controls and procedures in place to halt the processing of personal data where an individual has on valid grounds sought the restriction of processing? | 18 | assistive | N | data subject request, steps that process personal data | this is a little complex; so breaking it down gives this - an individual has requested that their data not be processed or be processed in a restricted fashion; so there is the component of a request; the organisation then has to decide whether this request is 'on valid grounds' which is an entirely legal procedure, and which cannot be done programmatically. Once that is decided, and found to be valid, the personal data processing of that particular data subject should be halted or stopped. The latter part is where the query can be assistive. It can retrieve the steps that use personal data, so they can be flagged for the halting procedure. Whatever other steps are involved in this operation can also be depicted using provenance. | N | identification of which steps use personal data can be done on the abstract model | Y | since the request is happening at the instance level, it makes sense to resolve this query at the instance level. In this case, some information may be needed from the abstract model, such as steps that use personal data, but even then they would need to be resolved as to which are actually using the data subject's personal data | N | part of this query can be automated, but as a whole, the query involves many components that need to be explicitly specified and run manually since it involves a decision process |
| R6 | Rights | Right to object to processing | Are individuals told about their right to object to certain types of processing such as direct marketing or where the legal basis of the processing is legitimate interests or necessary for a task carried out in the public interest? | 21 | | N | | the query could retrieve some process that shows this information, but that can be done using a simple URI as well, so there is no 'query' component here | | | | | | |
| R7 | Rights | Halt processing after right to object | Are there controls and procedures in place to halt the processing of personal data where an individual has objected to the processing? | 21 | evaluative | Y | steps that process personal data | this query checks the capability of the system in halting processing of data; this can be resolved as some series of steps that, upon request, change the system state for particular data sets so that they are not processed again; the query checks for the presence of such steps; this is also how the right to object is handled | Y | the query checks whether the system model has step(s) to address the right to object | N | this CAN be run on instances to check for particular right to object for specific data subjects, but the text of the query does not state this | Y | run this query on the latest model |
| R8 | Rights | Profiling and automated processing | If automated decision making, which has a legal or significant similar effect for an individual, is based on consent, has explicit consent been collected? | 22 | assistive | Y | steps that make automated decisions, consent | in this query, any processes that have automated decision making, and are based on consent, are analysed to see if explicit consent has been provided; this can be checked if consent is marked as explicit consent (in this regard), and requires some known form of consent to compare this against; for generic purposes, the query can assist in identifying steps that feature automated decision making and check if consent is being collected (other processes will then check if the consent is explicitly collected for this purpose) | Y | this is used to identify steps that make automated decisions | Y | the specific consent provided by the user is required to associate with the automated legal processing and to analyse whether it explicitly permits this | N | it is possible to run this query on an automated basis if all the data is present; however, the last part of checking validity still needs to be done manually; which means that only a part of the query can be automated |
| R9 | Rights | Right to obtain human intervention | Where an automated decision is made which is necessary for entering into, or performance of, a contract, or based on the explicit consent of an individual, are procedures in place to facilitate an individual’s right to obtain human intervention and to contest the decision? | 22 | assistive | Y | steps that make automated decisions, right to contest automated decisions | like the previous query, this involves identifying automated decision making steps, checking if they are associated with consent; and then investigating whether there exist steps that can help the data subject to contest the decision | Y | since the query only checks for presence of procedures, this can be specified or queried on the abstract model of the system | N | this CAN be run on instances to check for particular right to object to automated decision making for specific data subjects, but the text of the query does not state this | Y | run this query on the latest model |
| R10 | Rights | Restrictions to data subject rights | Have the circumstances been documented in which an individual’s data protection rights may be lawfully restricted? Note: the Irish Data Protection Bill will set out further details on the implementation of Article 23. | 23 | | N | | this query relates to a set of documents that clarify the specified question; while provenance information can show the lifecycle of these documents; we do not consider that in scope for this work | | | | | | |
| A1 | AccuracyRetention | Purpose Limitation | Is personal data only used for the purposes for which it was originally collected? | | evaluative | Y | personal data, consent, steps that involve personal data through use, share, store | this simple looking query can be interpreted to be quite broad - what personal data was collected? what was the consent and permissions it contained? what was the personal data used for - processing, storing, sharing? And then to match them all up. This is dependent on the form of consent used, to retrieve permission for using data. Even without that, the query can be used to assist in retrieving information about what is happening with the personal data, and the consent associated with it. | Y | The query on the abstract model can check what categories/types of data are collected and where they are used. This can be helpful in providing a brief overview of the system. This can then be compared with whatever consent options are being presented to evaluate whether all processing and data operations are indeed referenced in the consent collection or policy. | Y | The query on instances retrieves all processes that involve personal data along with the consent in question and then compares whether each step was permitted based on the consent. | Y | The retrieval of information can be automated, but this involves taking into account the way consent is represented |
| A2 | AccuracyRetention | Data minimisation | Is the personal data collected limited to what is necessary for the purposes for which it is processed? | | assistive | Y | personal data, steps that process personal data | the query can assist by retrieving what personal data is collected and what it is being used for; this can then be used to evaluate whether the data is adequate for purposes | Y | The overview of the system can provide this information in brief, and would be common for all data subjects | Y | This query CAN be run on instances, as services can differ between data subjects. However, it is better to run this on the abstract model for proving that the system itself follows data minimisation. | Y | The retrieval of information can be automated |
| A3 | AccuracyRetention | Accuracy | Are procedures in place to ensure personal data is kept up to date and accurate and where a correction is required, the necessary changes are made without delay? | | | N | | the procedures in question may allow the data subject to rectify the data, or it could be the organisation itself who is rectifying data; this is quite complicated to represent. A provenance trace can be maintained to show that some discrepancy was detected, and then it was changed to show compliance. But the query itself cannot be resolved in the context of this work. | | | | | | |
| A4 | AccuracyRetention | Retention | Are retention policies and procedures in place to ensure data is held for no longer than is necessary for the purposes for which it was collected? | | | N | | the procedures in question delete data once the purposes for which it was collected have been achieved, but this is difficult to evaluate programmatically. A query that can retrieve information about what data is collected and for what purposes can assist in this, but it cannot show whether the data was deleted at the correct time. This could use some information at the instance level, but this can turn very complex. | | | | | | |
| A5 | AccuracyRetention | Retention Legal Obligations | Is your business subject to other rules that require a minimum retention period (e.g. medical records/tax records)? | | | N | | this query is based on legal documentation and does not involve provenance | | | | | | |
| A6 | AccuracyRetention | Destroy data securely | Do you have procedures in place to ensure data is destroyed securely, in accordance with your retention policies? | | assistive | Y | steps that delete data | the particulars of how deletion is achieved can be helpful in the context of this query; therefore the query can be resolved by identifying what personal data is being deleted by what steps, which can then be helpful to investigate the methods used for secure deletion | Y | Since the methods of deletion are common for all data subjects, this query can be run on the abstract model of the system | N | | Y | The identification of steps that delete data can be done automatically |
| A7 | AccuracyRetention | Duplication of records | Are procedures in place to ensure that there is no unnecessary or unregulated duplication of records? | | | N | | This query asks for steps that ensure there is no duplication of data. While it is possible to simply point this to a step or process that is said to do this, it is not sufficient to evaluate the query. Therefore, this is not within the context of the current work. | | | | | | |
| T1 | Transparency | Transparency to customers and employees | Are service users/employees fully informed of how you use their data in a concise, transparent, intelligible and easily accessible form using clear and plain language? | 12,13,14 | | N | | This query does not directly relate to provenance; but it can reuse other queries if the personal data aspect is changed to only relate to employee data. This can be used to understand how the employee data is being used. | | | | | | |
| T2 | Transparency | Provide Information listed in Article 13 | Where personal data is collected directly from the individuals, are procedures in place to provide the information listed at Article 13 of the GDPR? | 13 | assistive | Y | steps that collect personal data | This query cannot be directly evaluated because assessing whether the information has been provided in a satisfactory manner is a qualitative evaluation. Instead, the query can provide information such as where personal data is collected, identifying the steps that collect this data. This can be used to explore the artefacts and methods used by the step in an effort to find if the required information is being displayed. | Y | Information related to what steps collect the data and what artefacts are associated with them is common for all data subjects. Therefore, this query should be run over the abstract information model of the system. | N | | Y | run this query on the latest model |
| T3 | Transparency | Provide Information listed in Article 14 | If personal data is not collected from the subject but from a third party (e.g. acquired as part of a merger) are procedures in place to provide the information listed at Article 14 of the GDPR? | 14 | assistive | Y | steps that collect personal data | Like the previous query, steps that collect personal data are identified, and then filtered based on who is providing the data, which in this case, is third parties. The rest of the qualitative information remains the same. | Y | Filter steps that collect data based on the provider being a third party | N | | Y | run this query on the latest model |
| T4 | Transparency | Provide information when engaging | When engaging with individuals, such as when providing a service, sale of a good or CCTV monitoring, are procedures in place to proactively inform individuals of their GDPR rights? | | | N | | This is very context specific, and does not relate to provenance | | | | | | |
| T5 | Transparency | Provide information on facilitating rights | Is information on how the organisation facilitates individuals exercising their GDPR rights published in an easily accessible and readable format? | | | N | | This is not related to provenance | | | | | | |
| C1 | ControllerObligations | Supplier Agreements | Have agreements with suppliers and other third parties processing personal data on your behalf been reviewed to ensure all appropriate data protection requirements are included? | 27,28,29 | | N | | This is not related to provenance | | | | | | |
| C2 | ControllerObligations | Data Protection Officers | Do you need to appoint a DPO as per Article 37 of the GDPR? | 37,38,39 | | N | | This is not related to provenance | | | | | | |
| C3 | ControllerObligations | Reasons for not having a DPO | If it is decided that a DPO is not required, have you documented the reasons why? | 37,38,39 | | N | | This is not related to provenance | | | | | | |
| C4 | ControllerObligations | Escalation procedures | Where a DPO is appointed, are escalation and reporting lines in place? Are these procedures documented? | 37,38,39 | | N | | This is not related to provenance | | | | | | |
| C5 | ControllerObligations | | Have you published the contact details of your DPO to facilitate your customers/ employees in making contact with them? (Note: post 25 May 2018 you will also be required to notify your data protection authority of your DPO’s contact details) | 37,38,39 | | N | | This is not related to provenance; Though the details of the DPO can be published using FOAF/V-Card for interoperability | | | | | | |
| C6 | ControllerObligations | Data Protection Impact Assessments (DPIAs) | If your data processing is considered high risk, do you have a process for identifying the need for, and conducting of, DPIAs? Are these procedures documented? | 35 | assistive | Y | steps part of the DPIA process | This query essentially asks what steps are involved in the conducting of a DPIA; The latter part of the query talks about documentation, which can be linked and retrieved, but is not part of the provenance. | Y | Since the query relates to steps, this can be answered by the abstract model of the system | N | | N | |
| S1 | DataSecurity | Risks involved in processing data | Have you assessed the risks involved in processing personal data and put measures in place to mitigate against them? | 32 | assistive | Y | steps that process data | This query requires assessment of risks involved in processing of data. This cannot be done programmatically. So the query provides information about what data is being processed, allowing an exploration of the processing operations which can then be used to analyse risks. | Y | Since this is concerned with how the data is used within steps, the abstract model of the system is better suited for exploration. | N | | N | |
| S2 | DataSecurity | Documented Security Program | Is there a documented security programme that specifies the technical, administrative and physical safeguards for personal data? | 32 | | N | | This is not related to provenance | | | | | | |
| S3 | DataSecurity | Resolving security related issues | Is there a documented process for resolving security related complaints and issues? | 32 | | N | | This is not related to provenance; Though the processes can be declared as steps/plans | | | | | | |
| S4 | DataSecurity | Designated individual for security | Is there a designated individual who is responsible for preventing and investigating security breaches? | 32 | | N | | This is not related to provenance | | | | | | |
| S5 | DataSecurity | Encryption | Are industry standard encryption technologies employed for transferring, storing, and receiving individuals' sensitive personal information? | 32 | | N | steps that share data | This query cannot be directly evaluated without knowledge about the type of encryption used to share data. However, it can assist by providing information about what steps share data, which can then be used to explore the data sharing practices. | | | | | | |
| S6 | DataSecurity | Removing information | Is personal information systematically destroyed, erased, or anonymised when it is no longer legally required to be retained. | 32 | | N | | This is not related to provenance | | | | | | |
| S7 | DataSecurity | Restoring access | Can access to personal data be restored in a timely manner in the event of a physical or technical incident? | 32 | | N | | This is not related to provenance | | | | | | |
| B1 | DataBreach | Documented incident plans | Does the organisation have a documented privacy and security incident response plan? | 33,34 | evaluative | Y | processes or plan that address security incidents | This is the provenance model for how to respond to a security incident. This can be expressed through the abstract system model. | Y | The abstract model contains information about what should happen in case of a security incident. The query will retrieve this model. | N | | Y | The query can be automated as it is simply retrieving the specific plans/processes that satisfy the criteria |
| B2 | DataBreach | Regular reviews | Are plans and procedures regularly reviewed? | 33,34 | | N | | This query does not relate to provenance; Though information about each review can be stored as a provenance trace and queried over instances to ensure they are regularly reviewed (by comparing timestamps between reviews) | | | | | | |
| B3 | DataBreach | Notifying authorities | Are there procedures in place to notify the office of the Data Protection Commissioner of a data breach? | 33,34 | evaluative | Y | processes or plans for notifying DPC | The query provides information about processes or plans that notify the DPC. Since this is only a plan, it is queried over the abstract model of the system. | Y | The query retrieves the specific steps associated with notifying the DPC. | | | Y | This query can be automated |
| B4 | DataBreach | Notifying data subjects | Are there procedures in place to notify data subjects of a data breach (where applicable)? | 33,34 | evaluative | Y | processes or plans for notifying data subjects of a data breach | The query provides information about processes or plans that notify the data subjects. Since this is only a plan, it is queried over the abstract model of the system. | | The query retrieves the specific steps associated with notifying the data subjects | | | Y | This query can be automated |
| B5 | DataBreach | Documentation of data breaches | Are all data breaches fully documented? | 33,34 | | N | | The query asks to retrieve documentation; Indirectly, this is provenance information, as data breaches occurring need to be stored as provenance traces, but currently this is out of context for the work | | | | | | |
| B6 | DataBreach | Co-operation procedures for data breach | Are there cooperation procedures in place between data controllers, suppliers and other partners to deal with data breaches? | 33,34 | | N | | This is a complex operation, and may not be evaluable with current level of provenance information; Therefore, it is considered out of scope for this work | | | | | | |
| I1 | InternationalDataTransfer | Data transfer outside EEA | Is personal data transferred outside the EEA, e.g. to the US or other countries? | 44,45,46,47,48,49,50 | evaluative | Y | steps that share data | The query basically checks if data is being transferred to regions outside the jurisdiction of the EU. This can be done only if the relevant metadata specifies the region of transfer. | Y | This query can be evaluated on the abstract model of the system if it contains the relevant information | Y | It can also be used to resolve dynamic data transfers, though this would need further investigation of the region, such as in case of IP addresses, knowing where it is located | Y | It can be automated |
| I2 | InternationalDataTransfer | Special category of Personal Data in Transfer | Does this include any special categories of personal data? | 44,45,46,47,48,49,50 | evaluative | Y | results from I1, category of personal data | This query refines the previous query to identify if it includes special categories of data | Y | As before, this can be evaluated over the abstract model | N | Can be executed over instances, but identifying special categories is difficult | Y | It can be automated |
| I3 | InternationalDataTransfer | Purpose of Transfer | What is the purpose(s) of the transfer? | 44,45,46,47,48,49,50 | assistive | Y | steps that share data | The query may not be resolvable if the metadata does not specify the purpose of the transfer. In that case, providing information about the data transfers themselves can be helpful. | Y | Data transfers can be obtained from abstract model | Y | Instances also contain information about data transfers that may need investigations | Y | It can be automated |
| I4 | InternationalDataTransfer | Transfer Recipients | Who is the transfer to? | 44,45,46,47,48,49,50 | evaluative | Y | steps that share data | The query retrieves the entity the data is shared with. Since GDPR mandates this information to be present, the query should be able to retrieve it | Y | This can be evaluated over the abstract model | Y | It can also be used to investigate instances of data sharing and who they were shared with | Y | It can be automated |
| I5 | InternationalDataTransfer | Transfer Details | Are all transfers listed - including answers to the previous questions (e.g. the nature of the data, the purpose of the processing, from which country the data is exported and which country receives the data and who the recipient of the transfer is?) | 44,45,46,47,48,49,50 | | N | | This cannot be evaluated programmatically | | | | | | |
| I6 | InternationalDataTransfer | Legality of international transfers | Is there a legal basis for the transfer, e.g. EU Commission adequacy decision; standard contractual clauses. Are these bases documented? | | | N | | This query can be evaluated if the information exists along with each data transfer. Currently, it is assumed that this is not the case. | | | | | | |
| I7 | InternationalDataTransfer | Transparency | Are data subjects fully informed about any intended international transfers of their personal data? | | | N | steps that share data | The query can be interpreted as whether data subjects are informed of any data sharing processes before they actually happen. Therefore, this is a query over the abstract model. | | | | | | |