http://purl.org/net/p-plan# http://www.w3.org/ns/prov-o-20130430 http://purl.org/adaptcentre/people/harshvardhan_pandit gdprov https://w3id.org/GDPRov# The GDPR Provenance ontology http://purl.org/adaptcentre/people/dave_lewis 2017-08-01 2018-04-06 0.7 GDPRov is an OWL2 ontology to express provenance metadata of consent and data lifecycles towards documenting compliance for GDPR. The General Data Protection Regulation (GDPR) is an European law governing the use of consent and personal data. Some of its obligations involve concepts related to the lifecycles of consent and personal data. Such obligations are concerned with how the collection, use, processing, sharing, and storing of consent and personal data takes place and provides the motivation for a form of documentation that can demonstrate the required information towards compliance. GDPRov is an OWL2 ontology for representing this information as provenance metadata using terms relevant to the GDPR. It extends PROV-O and P-Plan to represent the lifecyles as an abstract model of how things should happen or will happen (future) as well as instance of what has happened (past). The ontology is being developed as part of contributions towards PhD research by its primary author. https://creativecommons.org/licenses/by/4.0/ GDPRov is an ontology for expressing provenance metadata in the context of the General Data Protection Regulation (GDPR) and its compliance. It extends PROV-O and P-Plan. PROV-O is the ontology based on the PROV model, a W3C recommendation, while P-Plan is an extension of PROV-O. PROV is used to define terms or 'instances' of what has happened in the past, while P-Plan is used to define the abstract model or 'Plan' of things to happen. GDPRov uses P-Plan to create a template/model/plan as an abstract or model representation of a system which is then recorded using PROV-O instances to show something has happened. The aim of the ontology is to enable representation of consent and personal data lifecycles using terms relevant to GDPR and to facilitate expression of this information towards documentation related to compliance. https://openscience.adaptcentre.ie/ontologies/gdprov/v/gdprov.0.7.owl ##AcquireConsentActivity Is an activity that acquires consent. ##AcquireConsentActivity gdprtext:ObtainingConsent ##AcquireConsentActivity Acquire Consent Activity ##AcquireConsentActivity ##ConsentAcquisitionStep ##AnonymisationActivity Is an activity that anonymises data. ##AnonymisationActivity Anonymisation Activity ##AnonymisationActivity ##DataAnonymisationStep ##Anonymised Anonymised represents the Anonymisation level where the data cannot be de-anonymised to retrieve personally identifiable information. ##Anonymised Anonymised ##AnonymisedData Represents data that has been Anonymised at some level reflected by the hasAnonymityLevel object property ##AnonymisedData gdprtext:AnonymousData ##AnonymisedData gdprtext:PseudoAnonymousData ##AnonymisedData AnonymisedData ##AnonymisedData ##AnonymisedDataEntity ##AnonymisedDataEntity Is an entity where personal data has been anonymised to some extent. ##AnonymisedDataEntity gdprtext:AnonymousData ##AnonymisedDataEntity gdprtext:PseudoAnonymousData ##AnonymisedDataEntity Anonymised Data Entity ##AnonymisedDataEntity ##AnonymisedData ##AnonymityLevel Provides a way to express the Anonymity Level of AnonymisedData objects through the object property hasAnonymityLevel ##AnonymityLevel gdprtext:AnonymousData ##AnonymityLevel gdprtext:PseudoAnonymousData ##AnonymityLevel AnonymityLevel ##AppointProcessor Reflects the process(es) used to appoint processors ##AppointProcessor gdprtext:AppointmentOfProcessors ##AppointProcessor Appoint Processor ##ArchiveConsentActivity An activity that archives given/acquired consent for storage. ##ArchiveConsentActivity Archive Consent Activity ##ArchiveConsentActivity ##ConsentArchivalStep ##AutomatedStep AutomatedStep ##ConsentAcquisitionStep ConsentAcquisitionStep deals with acquiring consent from the user. It uses Terms and Conditions along with the appropriate Consent Model as the basis of obtaining consent from the user. The output of this step is the consent object agreed upon by the user. ##ConsentAcquisitionStep gdprtext:ObtainingConsent ##ConsentAcquisitionStep Consent Acquisition Step ##ConsentAcquisitionStep ##AcquireConsentActivity ##ConsentActivity Is an activity dealing with consent. ##ConsentActivity gdprtext:ConsentActivity ##ConsentActivity Consent Activity ##ConsentActivity ##ConsentStep ##ConsentAgreement ConsentAgreement reflects the consent provided by the user based on the provided Terms and Conditions and Consent Agreement Templates. It is the set of permissions the user has specifically provided or refused to provide. This consent is useful to provide justification of activities that use user data. ##ConsentAgreement gdprtext:GivenConsent ##ConsentAgreement ConsentAgreement ##ConsentAgreement ##GivenConsent ##ConsentAgreementTemplate This is a template for consent requested from the user. ##ConsentAgreementTemplate gdprtext:Consent ##ConsentAgreementTemplate gdprtext:ObligationForObtainingConsent ##ConsentAgreementTemplate gdprtext:ValidConsent ##ConsentAgreementTemplate ConsentAgreementTemplate ##ConsentAgreementTemplate ##GivenConsentTemplate ##ConsentArchivalStep ConsentArchivalStep archives acquired consent to form a record of the consent given by the user. ##ConsentArchivalStep gdprtext:DemonstratingConsent ##ConsentArchivalStep Consent Archival Step ##ConsentArchivalStep ##ArchiveConsentActivity ##ConsentModificationStep ConsentModificationStep deals with modifications to the consent by the user. It invalidates the previous consent object and produces a new updated consent object that represents the modified consent. ##ConsentModificationStep gdprtext:ObligationForObtainingConsent ##ConsentModificationStep Consent Modification Step ##ConsentModificationStep ##ModifyConsentActivity ##ConsentStep A ConsentStep acts/interacts with/uses Consent ##ConsentStep gdprtext:ConsentActivity ##ConsentStep Consent Step ##ConsentStep ##ConsentActivity ##ConsentWithdrawalProcess A ConsentWithdrawalProcess deals with the withdrawal of consent by the user and the corresponding activity carried out within the system ##ConsentWithdrawalProcess gdprtext:WithdrawingConsent ##ConsentWithdrawalProcess Consent Withdrawal Process ##ConsentWithdrawalProcess ##ConsentWithdrawalStep ##ConsentWithdrawalStep ConsentWithdrawalStep deals with withdrawal of consent ##ConsentWithdrawalStep gdprtext:CanBeWithdrawnEasilyConsentObligation ##ConsentWithdrawalStep gdprtext:WithdrawingConsent ##ConsentWithdrawalStep Consent Withdrawal Step ##ConsentWithdrawalStep ##WithdrawConsentActivity ##Controller A ThirdPartyDataController is a Third Party entity that acts as a Data Controller ##Controller gdprtext:Controller ##Controller Controller ##ControllerRepresentative A Representative of the Controller ##ControllerRepresentative gdprtext:ControllerRepresentative ##ControllerRepresentative Controller Representative ##CrossBorderDataTransfer Reflects cross-border transfer of data ##CrossBorderDataTransfer gdprtext:CrossBorderTransfer ##CrossBorderDataTransfer Cross-border Data Transfer ##CrossBorderDataTransfer ##CrossBorderTransferActivity ##CrossBorderTransferActivity Is an activity that transfer data across borders (as defined in the GDPR). ##CrossBorderTransferActivity gdprtext:CrossBorderTransfer ##CrossBorderTransferActivity Cross Border Transfer Activity ##CrossBorderTransferActivity ##CrossBorderDataTransfer ##DPO The Data Protection Officer appointed to an organisation. ##DPO gdprtext:DPO ##DPO Data Protection Officer (DPO) ##Data Represents class of data collected or generated through various activities ##Data gdprtext:Data ##Data Data ##Data ##DataEntity ##DataAccessProcess A DataAccessProcess corresponds to the request made by an user for access to their data within the system. This process is responsible for handling the request process and providing the appropriate data to the end user. ##DataAccessProcess gdprtext:ProvideCopyOfPersonalData ##DataAccessProcess Data Access Process ##DataActivity Is an activity involving data. ##DataActivity gdprtext:DataActivity ##DataActivity Data Activity ##DataActivity ##DataStep ##DataAnonymisationStep DataAnonymisationStep anonymises data by transforming it from one form to another along the anonymisation chain. Anonymisation can be represented as a spectrum going from raw user data to pseudo-anonymised data that can be de-anonymised by the same agent/organisation to pseudo-anonymous data that cannot be deanonymised internally, but may be done by external agents who have access to other data, and finally to completely anonymised data. ##DataAnonymisationStep Data Anonymisation Step ##DataAnonymisationStep ##AnonymisationActivity ##DataArchivalActivity Is an activity that archives data. Archival is transformation of data into some form for storage. ##DataArchivalActivity gdprtext:ArchiveData ##DataArchivalActivity Data Archival Activity ##DataArchivalActivity ##DataArchivalStep ##DataArchivalProcess A DataArchivalProcess describes the process of data archival ##DataArchivalProcess gdprtext:ArchiveData ##DataArchivalProcess Data Archival Process ##DataArchivalStep DataArchivalStep archives data by transforming it and storing it ##DataArchivalStep gdprtext:ArchiveData ##DataArchivalStep Data Archival Step ##DataArchivalStep ##DataArchivalActivity ##DataBreachActivity Is an activity dealing with data breach. ##DataBreachActivity gdprtext:ReportDataBreach ##DataBreachActivity Data Breach Activity ##DataBreachActivity ##DataBreachStep ##DataBreachRecord A record of a data breach. ##DataBreachRecord gdprtext:MaintainRecordOfBreach ##DataBreachRecord Data Breach Record ##DataBreachStep Step representing an action associated with data breach. ##DataBreachStep gdprtext:ReportDataBreach ##DataBreachStep Data Breach Step ##DataBreachStep ##DataBreachActivity ##DataCollectionActivity Is an activity that collects or acquires data. ##DataCollectionActivity gdprtext:CollectionOfPersonalData ##DataCollectionActivity Data Collection Activity ##DataCollectionActivity ##DataCollectionStep ##DataCollectionStep DataCollectionStep collects data from the user ##DataCollectionStep gdprtext:CollectionOfPersonalData ##DataCollectionStep Data Collection Step ##DataCollectionStep ##DataCollectionActivity ##DataDeanonymisationStep DataDeanonymisationStep deanonymises data by transforming it from one form to another along the anonymisation chain. ##DataDeanonymisationStep Data Deanonymisation Step ##DataDeanonymisationStep ##DeAnonymisationActivity ##DataDeletionActivity Is an activity that deletes or erases data. ##DataDeletionActivity gdprtext:EraseData ##DataDeletionActivity Data Deletion Activity ##DataDeletionActivity ##DataDeletionStep ##DataDeletionStep DataDeletionStep deletes data from within the system; The deletion is expressed as prov:invalidated over the dataset. ##DataDeletionStep gdprtext:EraseData ##DataDeletionStep Data Deletion Step ##DataDeletionStep ##DataDeletionActivity ##DataEntity Represents a data entity. ##DataEntity gdprtext:Data ##DataEntity Data Entity ##DataEntity ##Data ##DataErasureProcess A DataErasureProcess is responsible for handling the data erasure of a data subject. ##DataErasureProcess gdprtext:EraseData ##DataErasureProcess Data Erasure Process ##DataRectificationProcess A DataRectificationProcess describes the process of data rectification, which is the correction of data already present within the system ##DataRectificationProcess gdprtext:RectifyData ##DataRectificationProcess Data Rectification Process ##DataSharingActivity Is an activity that shares data. ##DataSharingActivity gdprtext:ShareDataWithThirdParty ##DataSharingActivity Data Sharing Activity ##DataSharingActivity ##DataSharingStep ##DataSharingStep DataSharingStep shares data with another agent/organisation. These may be internal or external entities. ##DataSharingStep gdprtext:ShareDataWithThirdParty ##DataSharingStep Data Sharing Step ##DataSharingStep ##DataSharingActivity ##DataStep A DataStep deals with data ##DataStep gdprtext:DataActivity ##DataStep Data Step ##DataStep ##DataActivity ##DataStepWithoutProvenance Data Step without Provenance ##DataStorageActivity Is an activity that stores data. ##DataStorageActivity gdprtext:StoreData ##DataStorageActivity Data Storage Activity ##DataStorageActivity ##DataStorageStep ##DataStorageStep DataStorageStep stores data within the system ##DataStorageStep gdprtext:StoreData ##DataStorageStep Data Storage Step ##DataStorageStep ##DataStorageActivity ##DataSubject An individual or entity ##DataSubject gdprtext:DataSubject ##DataSubject Data Subject ##DataTransferActivity Data Transfer Activity ##DataTransferStep DataTransferStep ##DataTransformationActivity Is an activity that transforms data. ##DataTransformationActivity Data Transformation Activity ##DataTransformationActivity ##DataTransformationStep ##DataTransformationStep DataTransformationStep transforms data from one form into another. ##DataTransformationStep Data Transformation Step ##DataTransformationStep ##DataTransformationActivity ##DataUsageActivity Is an activity that uses data. Can also be termed as 'Processing' of data. ##DataUsageActivity gdprtext:UseData ##DataUsageActivity Data Usage Activity ##DataUsageActivity ##DataUsageStep ##DataUsageStep A DataUsageStep is a DataStep that uses existing data present within the system ##DataUsageStep gdprtext:Processing ##DataUsageStep Data Usage Step ##DataUsageStep ##DataUsageActivity ##DeAnonymisationActivity Is an activity that deanonymises data. ##DeAnonymisationActivity DeAnonymisation Activity ##DeAnonymisationActivity ##DataDeanonymisationStep ##DeAnonymised DeAnonymised represents the Anonymisation level where the data is completely de-anonymised and contains directly accessible personally identifiable information. ##DeAnonymised DeAnonymised ##DirectMarketing Direct Marketing where the marketing is done directly to the data subject. ##DirectMarketing gdprtext:DirectMarketing ##DirectMarketing Direct Marketing ##GivenConsent Represents the given consent by the data subject. ##GivenConsent gdprtext:GivenConsent ##GivenConsent Given Consent ##GivenConsent ##ConsentAgreement ##GivenConsentTemplate Is the template used to obtain the given consent. ##GivenConsentTemplate Given Consent Template ##GivenConsentTemplate ##ConsentAgreementTemplate ##HandleDataBreachProcess A process that defines the actions that should be undertaken in event of a data breach ##HandleDataBreachProcess gdprtext:DataBreach ##HandleDataBreachProcess HandleDataBreachProcess ##HandleRightOfDataPortability The process or series of steps that handle the right of data portability. ##HandleRightOfDataPortability gdprtext:RightOfDataPortability ##HandleRightOfDataPortability Handle Right of Data Portability ##HandleRightOfErasure The process or series of steps that handle the right of erasure. ##HandleRightOfErasure gdprtext:RightOfErasure ##HandleRightOfErasure Handle Right of Erasure ##HandleRightToAccessPersonalData The process or series of steps that handle the right to access personal data. ##HandleRightToAccessPersonalData gdprtext:RightOfErasure ##HandleRightToAccessPersonalData Handle Right to access Personal Data ##HandleRightToBasicInfoAboutProcessing The process or series of steps that handle the right to basic information about processing. ##HandleRightToBasicInfoAboutProcessing gdprtext:RightToBasicInformationAboutProcessing ##HandleRightToBasicInfoAboutProcessing Handle Right to basic information about Processing ##HandleRightToNoAutomatedProcessing The process or series of steps that handle the right to not be processed automatically. ##HandleRightToNoAutomatedProcessing gdprtext:RightToNotBeEvaluatedThroughAutomatedProcessing ##HandleRightToNoAutomatedProcessing Handle Right to not be evaluated through Automated Processing ##HandleRightToObjectDirectMarketing The process or series of steps that handle the right to object to direct marketing. ##HandleRightToObjectDirectMarketing gdprtext:RightToObjectForDirectMarketting ##HandleRightToObjectDirectMarketing Handle Right to Object to Direct Marketing ##HandleRightToObjectProcessing The process or series of steps that handle the right to object to processing. ##HandleRightToObjectProcessing gdprtext:RightToObjectToProcessing ##HandleRightToObjectProcessing Handle Right to Object to Processing ##HandleRightToRectification The process or series of steps that handle the right to rectification of personal data. ##HandleRightToRectification gdprtext:RightToRectification ##HandleRightToRectification Handle Right to Rectification ##HandleRightToRestrictProcessing The process or series of steps that handle the right to restrict processing. ##HandleRightToRestrictProcessing gdprtext:RightToRestrictProcessing ##HandleRightToRestrictProcessing Handle Right to restrict Processing ##HandleRightToTransparency The process or series of steps that handle the right to transparency. ##HandleRightToTransparency gdprtext:RightToTransparency ##HandleRightToTransparency Handle Right to Transparency ##HandleSAR HandleSAR ##ImpactAssessment Represents the process or collection of steps representing the Impact Assessment. ##ImpactAssessment gdprtext:ImpactAssessment ##ImpactAssessment Impact Assessment ##JointController A Joint Controller is where two or more controllers jointly determine the purposes and means of processing. ##JointController gdprtext:JointController ##JointController Joint Controller(s) ##Marketing Marketing as a process or collection of steps. ##Marketing gdprtext:Marketing ##Marketing Marketing ##ModifyConsentActivity Is an activity that modifies given consent. ##ModifyConsentActivity Modify Consent Activity ##ModifyConsentActivity ##ConsentModificationStep ##MonitorCompliance The process of monitoring compliance as mandated by the GDPR. ##MonitorCompliance gdprtext:MonitorCompliance ##MonitorCompliance Monitor Compliance ##NotifyController Step that notifies the controller of data breach. ##NotifyController gdprtext:ReportDataBreachToController ##NotifyController Notify Controller ##NotifyController ##NotifyControllerActivity ##NotifyControllerActivity Is an activity that notifies controller about data breach ##NotifyControllerActivity gdprtext:ReportDataBreachToController ##NotifyControllerActivity Notify Controller Activity ##NotifyControllerActivity ##NotifyController ##NotifyDPA Step that notifies the Data Protection Authorities of a data breach. ##NotifyDPA gdprtext:ReportDataBreachToDPAWithin72Hours ##NotifyDPA Notify Data Protection Authority ##NotifyDPA ##NotifyDPAActivity ##NotifyDPAActivity Is an activity that notifies data protection authorities about data breach ##NotifyDPAActivity gdprtext:ReportDataBreachToDPAWithin72Hours ##NotifyDPAActivity Notify DPA Activity ##NotifyDPAActivity ##NotifyDPA ##NotifyDataSubject Step that notifies the data subject of data breach. ##NotifyDataSubject gdprtext:NotifyDataSubjectOfBreach ##NotifyDataSubject Notify Data Subject ##NotifyDataSubject ##NotifyDataSubjectActivity ##NotifyDataSubjectActivity Is an activity that notifies data subjects about data breach ##NotifyDataSubjectActivity gdprtext:NotifyDataSubjectOfBreach ##NotifyDataSubjectActivity Notify Data Subject Activity ##NotifyDataSubjectActivity ##NotifyDataSubject ##PersonalData PersonalData is any data pertaining to the user which can contain personally identifiable information or a data set generated by the system using personally identifiable information acquired through direct or indirect means ##PersonalData gdprtext:PersonalData ##PersonalData PersonalData ##PersonalData ##PersonalDataEntity ##PersonalDataEntity Represents a personal data entity. ##PersonalDataEntity gdprtext:PersonalData ##PersonalDataEntity Personal Data Entity ##PersonalDataEntity ##PersonalData ##Process A Process describes a 'Plan' of action for carrying out a particular activity that uses or is related to Data or Consent ##Process Process ##Processor A ThirdPartyDataProcessor is a Third Party entity that acts as a Data Processor ##Processor gdprtext:Processor ##Processor Processor ##ProcessorRepresentative A representative of the Processor. ##ProcessorRepresentative gdprtext:ProcessorRepresentative ##ProcessorRepresentative Processor Representative ##ProvideCopyOfPersonalData A step that provides the data subject with a copy of their personal data. ##ProvideCopyOfPersonalData gdprtext:ProvideCopyOfPersonalData ##ProvideCopyOfPersonalData Provide copy of Personal Data ##PseudoAnonymised PseudoAnonymised represents the Anonymisation level where the data is anonymised but cannot be de-anonymised without additional data which is NOT accessible to the data-holding organisation to retrieve personally identifiable information. ##PseudoAnonymised PseudoAnonymised ##PseudoOrganisationalAnonymised PseudoOrganisationalAnonymised represents the Anonymisation level where the data is anonymised but cannot be de-anonymised without additional data which is accessible to the data-holding organisation to recreate the de-anonymised information. ##PseudoOrganisationalAnonymised PseudoOrganisationalOrganised ##RectifyData Rectifies existing data ##RectifyData gdprtext:RectifyData ##RectifyData Rectify Data ##RectifyData ##RectifyDataActivity ##RectifyDataActivity Is an activity that recitifies data. ##RectifyDataActivity Rectify Data Activity ##RectifyDataActivity ##RectifyData ##ReportDataBreach The process of reporting after a data breach has taken place. ##ReportDataBreach gdprtext:ReportDataBreach ##ReportDataBreach Report Data Breach ##SensitiveData Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. ##SensitiveData gdprtext:SensitivePersonalData ##SensitiveData Sensitive Personal Data ##SensitiveData ##SensitiveDataEntity ##SensitiveDataEntity Is an entity containing sensitive personal information. ##SensitiveDataEntity gdprtext:SensitivePersonalData ##SensitiveDataEntity Sensitive Data Entity ##SensitiveDataEntity ##SensitiveData ##SubProcessor A Processor appointed under or by another Processor is a Sub-Processor. ##SubProcessor gdprtext:SubProcessor ##SubProcessor Sub-Processor ##TermsAndConditions Terms and Conditions of usage as provided to the user in agreement of provided service ##TermsAndConditions TermsAndConditions ##TermsAndConditions ##TermsAndConditionsEntity ##TermsAndConditionsEntity Represents the Terms and Conditions entity. ##TermsAndConditionsEntity Terms and Conditions Entity ##TermsAndConditionsEntity ##TermsAndConditions ##ThirdParty A ThirdParty is any external entitiy associated with some internal activity ##ThirdParty gdprtext:Entity ##ThirdParty ThirdParty ##UserIdentifier An UserIdentifier is a specific way to identify the user through a unique ID or a combination of other attributes ##UserIdentifier UserIdentifier ##UserIdentifier ##UserIdentifierEntity ##UserIdentifierEntity Is an entity acting as the user identifier. Or contains an identifier. ##UserIdentifierEntity User Identifier Entity ##UserIdentifierEntity ##UserIdentifier ##UserInputStep User Input Step ##UserInteractionStep User Interaction Step ##UserOutputStep User Output Step ##WithdrawConsentActivity Is an activity that withdraws given consent. Can also term it so as to depict withdrawal as a modification of consent. ##WithdrawConsentActivity gdprtext:WithdrawingConsent ##WithdrawConsentActivity Withdraw Consent Activity ##WithdrawConsentActivity ##ConsentWithdrawalStep ##anonymityLevel anonymity level ##anonymityLevel true ##archivesConsentAs Archives the consent into some entity ##archivesConsentAs archives consent as ##collectsData Links data obtained (collected) by the step/activity that acquired it ##collectsData collectsData ##generatesAnonymisedData Indicates that an DataAnonymisationStep transforms a Data object into AnonymisedData ##generatesAnonymisedData generatesAnonymisedData ##generatesConsentAgreement Generates ConsentAgreement which is a the consent granted by the user based on the ConsentAgreementTemplate through a ConsentAcquisitionStep ##generatesConsentAgreement generatesConsentAgreement ##generatesData produces data ##generatesData generatesData ##hasAnonymityLevel Indicates the anonymity level of an AnonymisedData object using instances of the AnonymityLevel class ##hasAnonymityLevel hasAnonymityLevel ##hasLegalBasis hasLegalBasis ##hasLegalJustification has legal justification ##hasLegalJustification true ##hasSharedDataWith hasSharedDataWith ##isAnonymisedByStep isAnonymisedByStep ##isConsentAgreementTemplateForStep isConsentAgreementTemplateForStep ##isDataCollectedByStep isDataCollectedByStep ##isDataGeneratedBy isDataGeneratedByStep ##isGeneratedByStep isGeneratedByStep ##isJustificationForDataStep isJustificationForDataStep ##isJustifiedUsingConsentAgreement justifies use of data by step through specified consent agreement ##isJustifiedUsingConsentAgreement isJustifiedUsingConsentAgreement ##isPartOfProcess isPartOfProcess ##isTermsAndConditionsForStep isTermsAndConditionsForStep ##isUsedByStep isUsedByStep ##sharesData Indicates sharing of Data through a DataStep ##sharesData sharesData ##sharesDataWith sharesDataWith ##sharesDataWithThirdParty Shares data with a third party ##sharesDataWithThirdParty sharesDataWithThirdParty ##sharesDataWithThirdParty true ##transferredDataToRegion transferredDataToRegion ##transfersDataToRegion transfersDataToRegion ##usesConsentAgreement uses Consent Agreement entity ##usesConsentAgreement uses Consent Agreement ##usesConsentAgreementTemplate links a Consent Acquisition Step with the Consent Agreement Template used to acquire consent ##usesConsentAgreementTemplate usesConsentAgreementTemplate ##usesData links step with data used ##usesData usesData ##usesTermsAndConditions Links a Consent Acquisition Step with the Terms and Conditions presented to the user when acquiring Consent ##usesTermsAndConditions usesTermsAndConditions