Namespace: com.sap.vocabularies.PersonalData.v1
Terms for annotating Personal Data
Personal Data is any information relating to an identified or identifiable natural person ("data subject").
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
Personal data can only be processed under certain legal grounds, e.g. explicit consent of the data subject or a contractual obligation.
This vocabulary defines terms specific to the European General Data Protection Regulation (GDPR).
Terms for contact and address information are defined in the Communication vocabulary.
| Term | Type | Description |
|---|---|---|
| EntitySemantics | EntitySemanticsType | Primary meaning of the entities in the annotated entity set |
| DataSubjectRole | String? | Role of the data subjects in this set (e.g. employee, customer) Values are application-specific. Can be a static value or a Path expression If the role varies per entity |
| DataSubjectRoleDescription | String? | Language-dependent description of the role of the data subjects in this set (e.g. employee, customer) Values are application-specific. Can be a static value or a Path expression If the role varies per entity |
| FieldSemantics | FieldSemanticsType | Primary meaning of the personal data contained in the annotated property Changes to values of annotated properties are tracked in the audit log. Use this annotation also on fields that are already marked as contact or address data. |
| IsPotentiallyPersonal | Tag | Property contains potentially personal data Personal data is information relating to an identified or identifiable natural person (data subject). Note: properties annotated with FieldSemantics need not be additionally annotated with this term.See also: What is personal data? |
| IsPotentiallySensitive | Tag | Property contains potentially sensitive personal data Sensitive data is a colloquial term usually including the following data:
|
Type: String
Primary meaning of the data contained in the annotated entity set
| Allowed Value | Description |
|---|---|
| DataSubject | Entities describing a data subject (an identified or identifiable natural person), e.g. customer, vendor, employee These entities are relevant for audit logging. There are no restrictions on their structure. The properties should be annotated suitably with FieldSemantics. |
| DataSubjectDetails | Entities containing details to a data subject (an identified or identifiable natural person) but not representing data subjects by themselves, e.g. street addresses, email addresses, phone numbers These entities are relevant for audit logging. There are no restrictions on their structure. The properties should be annotated suitably with FieldSemantics. |
| Other | Entities containing personal data or references to data subjects but not representing data subjects or data subject details by themselves, e.g. customer quote, customer order, purchase order with involved business partners These entities are relevant for audit logging. There are no restrictions on their structure. The properties should be annotated suitably with FieldSemantics. |
Type: String
Primary meaning of a data field
| Allowed Value | Description |
|---|---|
| DataSubjectID | The unique identifier for a data subject |
| DataSubjectIDType (Experimental) | The type of ID identifying the data subject and which is allocated when creating a consent record, e.g. an e-mail address or a phone number. |
| ConsentID (Experimental) | The unique identifier for a consent A consent is the action of the data subject confirming that the usage of his or her personal data shall be allowed for a given purpose. A consent functionality allows the storage of a consent record in relation to a specific purpose and shows if a data subject has granted, withdrawn, or denied consent. |
| PurposeID (Experimental) | The unique identifier for the purpose of a consent The purpose of a consent is the information that specifies the reason and the goal for the processing of a specific set of personal data. As a rule, the purpose references the relevant legal basis for the processing of personal data. |
| ContractRelatedID | The unique identifier for transactional data that is related to a contract that requires processing of personal data Examples: - Sales Contract ID - Purchase Contract ID - Service Contract ID |
| LegalEntityID (Experimental) | The unique identifier of a legal entity A legal entity is a corporation, an association, or any other organization of legal capacity, which has statutory rights and responsibilities. |
| UserID (Experimental) | The unique identifier of a user A user is an individual who interacts with the services supplied by a system. |
| EndOfBusinessDate (Experimental) | Defines the end of active business and the start of residence time and retention period End of business is the point in time when the processing of a set of personal data is no longer required for the active business, for example, when a contract is fulfilled. After this has been reached and a customer-defined residence period has passed, the data is blocked and can only be accessed by users with special authorizations (for example, tax auditors). All fields of type Edm.Date or Edm.DateTimeOffset on which the end of business determination depends should be annotated. |