The GDPR method extension filter enhances the standard ARIS Method with a generic set of new models, objects, and attributes. You can use the following GDPR object attributes in addition to the standard ARIS object attributes. Only rarely are all object attributes used at the same time. Depending on your GDPR approach, method, and configuration, you use an attribute that is available at different objects, for example, Data privacy score, at only one of these objects.
Function
Attribute |
Use |
GDPR processing activity |
Specifies whether the function is a (GDPR) processing activity. |
Description |
Specifies the purpose of the processing activity. |
Data privacy score |
Specifies a score on a predefined scale to qualify the data privacy of the element. Example: The score derived from the Processing Activity Qualification questionnaire. |
Data sensitivity |
Indicates whether the data used by this object requires special handling. Options (default values):
|
Data/Cluster
Attribute |
Use |
Restriction level |
Indique le niveau d'utilisation légale des données. Options (valeurs par défaut) :
|
Data privacy score |
Specifies a score on a predefined scale to qualify the data privacy of the element. Example: A score derived from a data qualification questionnaire or from any external enterprise architecture system. |
Application system type
Attribute |
Use |
---|---|
Data sensitivity |
Indicates whether the data used by this object requires special handling. Options (default values):
|
GDPR qualification score |
Indicates a score on a predefined scale to qualify the GDPR-relevant assessment of the object. Example: A score derived from any external enterprise architecture system. |
GDPR risk relevance score |
Indicates a score on a predefined scale to qualify the GDPR risk relevance of the object. Example: A score derived from any external enterprise architecture system. |
Data privacy score |
Specifies a score on a predefined scale to qualify the data privacy of the element. Example: The score derived from the Application System Qualification questionnaire. |
Organizational unit
Attribute |
Use |
---|---|
Data protection officer |
Affiche le nom et l'adresse du délégué à la protection des données. À inclure dans l'enregistrement des activités de traitement. |
Data protection representative |
Affiche le nom et l'adresse du représentant de la protection des données. À inclure dans l'enregistrement des activités de traitement. |
Connection |
Use |
---|---|
is technically responsible for |
Organizational unit acting as controller. (Connection between organizational unit and function.) |
carries out |
Organizational unit acting as processor. (Connection between organizational unit and function.) |
For detailed information on GDPR modeling conventions, refer to the GDPR Conventions for ARIS Accelerators guide.