Feat/dpp extension (#348)

SAP · Oct 15, 2024 · bcc0e05 · bcc0e05
1 parent 7f71a3b
commit bcc0e05
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 8 deletions.
diff --git a/vocabularies/PersonalData.json b/vocabularies/PersonalData.json
@@ -103,10 +103,12 @@
           "@Core.LongDescription": "Examples:\n\n                - Sales Contract ID\n\n                - Purchase Contract ID\n\n                - Service Contract ID\n                "
         },
         {
-          "@Common.Experimental": true,
           "Value": "LegalEntityID",
           "@Core.Description": "The unique identifier of a legal entity",
-          "@Core.LongDescription": "A legal entity is a corporation, an association, or any other organization of legal capacity, which has statutory rights and responsibilities."
+          "@Core.LongDescription": "A legal entity is a corporation, an association, or any other organization of legal capacity, which has statutory rights and responsibilities.",
+          "@Core.Revisions": [
+            { "Kind": "Deprecated", "Description": "Deprecated in favor of [`DataControllerID`](#DataControllerID)" }
+          ]
         },
         {
           "@Common.Experimental": true,
@@ -119,6 +121,24 @@
           "Value": "EndOfBusinessDate",
           "@Core.Description": "Defines the end of active business and the start of residence time and retention period",
           "@Core.LongDescription": "End of business is the point in time when the processing of a set of personal data is no longer required for the active business,\n                for example, when a contract is fulfilled. After this has been reached and a customer-defined residence period has passed, the data is blocked and can only be accessed\n                by users with special authorizations (for example, tax auditors).\n                All fields of type `Edm.Date` or `Edm.DateTimeOffset` on which the end of business determination depends should be annotated."
+        },
+        {
+          "@Common.Experimental": true,
+          "Value": "DataControllerID",
+          "@Core.Description": "The unique identifier of a data controller",
+          "@Core.LongDescription": "The unique identifier of a legal entity which alone or jointly with others determines the purposes and means of the processing of personal data. \n                The Data Controller is fully responsible (and accountable) that data protection and privacy principles (such as purpose limitation or data minimization), defined in the European General Data Protection Regulation (GDPR) or any other data protection legislation, are adhered to when processing personal data. The DataControllerID succeeds the LegalEntityID."
+        },
+        {
+          "@Common.Experimental": true,
+          "Value": "BlockingDate",
+          "@Core.Description": "Defines a date that marks when the provider of the data will block these",
+          "@Core.LongDescription": "Defines a date that marks when the provider of the data will block these. This is the point in time when the processing of a set of personal data is no longer required for the active business, for example, when a contract is fulfilled. After it has been reached, the data is blocked in the source and can only be displayed by users with special authorizations (for example, tax auditors); however, it is not allowed to create/change/copy/follow-up blocked data. Consumers of the data should consider if there is an additional purpose to process the data beyond the defined blocking date."
+        },
+        {
+          "@Common.Experimental": true,
+          "Value": "EndOfRetentionDate",
+          "@Core.Description": "Defines the date when the provider destroys the data",
+          "@Core.LongDescription": "Defines a date that marks when the provider of the data can destroy these. Consumers of the data should consider if there is an additional purpose (or a legal hold) to process the data beyond the defined destruction date."
         }
       ]
     },

diff --git a/vocabularies/PersonalData.md b/vocabularies/PersonalData.md
@@ -31,8 +31,8 @@ Term|Type|Description
 [DataSubjectRole](PersonalData.xml#L61)|String?|<a name="DataSubjectRole"></a>Role of the data subjects in this set (e.g. employee, customer)<br>Values are application-specific. Can be a static value or a `Path` expression If the role varies per entity
 [DataSubjectRoleDescription](PersonalData.xml#L68)|String?|<a name="DataSubjectRoleDescription"></a>Language-dependent description of the role of the data subjects in this set (e.g. employee, customer)<br>Values are application-specific. Can be a static value or a `Path` expression If the role varies per entity
 [FieldSemantics](PersonalData.xml#L111)|[FieldSemanticsType](#FieldSemanticsType)|<a name="FieldSemantics"></a>Primary meaning of the personal data contained in the annotated property<br>Changes to values of annotated properties are tracked in the audit log. Use this annotation also on fields that are already marked as contact or address data.
-[IsPotentiallyPersonal](PersonalData.xml#L195)|[Tag](https://github.com/oasis-tcs/odata-vocabularies/blob/main/vocabularies/Org.OData.Core.V1.md#Tag)|<a name="IsPotentiallyPersonal"></a>Property contains potentially personal data<br>Personal data is information relating to an identified or identifiable natural person (data subject).<br>Note: properties annotated with [`FieldSemantics`](#FieldSemantics) need not be additionally annotated with this term.<br>See also: [What is personal data?](https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en)
-[IsPotentiallySensitive](PersonalData.xml#L206)|[Tag](https://github.com/oasis-tcs/odata-vocabularies/blob/main/vocabularies/Org.OData.Core.V1.md#Tag)|<a name="IsPotentiallySensitive"></a>Property contains potentially sensitive personal data<br><p>Sensitive data is a colloquial term usually including the following data:</p> <ul> <li>Special categories of personal data such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health or sex life or sexual orientation</li> <li>Personal data subject to professional secrecy</li> <li>Personal data relating to criminal or administrative offences</li> <li>Personal data concerning bank or credit card accounts</li> </ul> <p>See also: <a href="https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/sensitive-data/what-personal-data-considered-sensitive_en">What personal data is considered sensitive?</a></p> 
+[IsPotentiallyPersonal](PersonalData.xml#L227)|[Tag](https://github.com/oasis-tcs/odata-vocabularies/blob/main/vocabularies/Org.OData.Core.V1.md#Tag)|<a name="IsPotentiallyPersonal"></a>Property contains potentially personal data<br>Personal data is information relating to an identified or identifiable natural person (data subject).<br>Note: properties annotated with [`FieldSemantics`](#FieldSemantics) need not be additionally annotated with this term.<br>See also: [What is personal data?](https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data_en)
+[IsPotentiallySensitive](PersonalData.xml#L238)|[Tag](https://github.com/oasis-tcs/odata-vocabularies/blob/main/vocabularies/Org.OData.Core.V1.md#Tag)|<a name="IsPotentiallySensitive"></a>Property contains potentially sensitive personal data<br><p>Sensitive data is a colloquial term usually including the following data:</p> <ul> <li>Special categories of personal data such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data, data concerning health or sex life or sexual orientation</li> <li>Personal data subject to professional secrecy</li> <li>Personal data relating to criminal or administrative offences</li> <li>Personal data concerning bank or credit card accounts</li> </ul> <p>See also: <a href="https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/sensitive-data/what-personal-data-considered-sensitive_en">What personal data is considered sensitive?</a></p> 
 
 <a name="EntitySemanticsType"></a>
 ## [EntitySemanticsType](PersonalData.xml#L76)
@@ -59,6 +59,9 @@ Allowed Value|Description
 [ConsentID](PersonalData.xml#L128) *([Experimental](Common.md#Experimental))*|The unique identifier for a consent<br>A consent is the action of the data subject confirming that the usage of his or her personal data shall be allowed for a given purpose. A consent functionality allows the storage of a consent record in relation to a specific purpose and shows if a data subject has granted, withdrawn, or denied consent.
 [PurposeID](PersonalData.xml#L140) *([Experimental](Common.md#Experimental))*|The unique identifier for the purpose of a consent<br>The purpose of a consent is the information that specifies the reason and the goal for the processing of a specific set of personal data. As a rule, the purpose references the relevant legal basis for the processing of personal data.
 [ContractRelatedID](PersonalData.xml#L150)|The unique identifier for transactional data that is related to a contract that requires processing of personal data<br>Examples:<br> - Sales Contract ID<br> - Purchase Contract ID<br> - Service Contract ID
-[LegalEntityID](PersonalData.xml#L164) *([Experimental](Common.md#Experimental))*|The unique identifier of a legal entity<br>A legal entity is a corporation, an association, or any other organization of legal capacity, which has statutory rights and responsibilities.
-[UserID](PersonalData.xml#L172) *([Experimental](Common.md#Experimental))*|The unique identifier of a user<br>A user is an individual who interacts with the services supplied by a system.
-[EndOfBusinessDate](PersonalData.xml#L180) *([Experimental](Common.md#Experimental))*|Defines the end of active business and the start of residence time and retention period<br>End of business is the point in time when the processing of a set of personal data is no longer required for the active business, for example, when a contract is fulfilled. After this has been reached and a customer-defined residence period has passed, the data is blocked and can only be accessed by users with special authorizations (for example, tax auditors). All fields of type `Edm.Date` or `Edm.DateTimeOffset` on which the end of business determination depends should be annotated.
+[LegalEntityID](PersonalData.xml#L164) *(Deprecated)*|Deprecated in favor of [`DataControllerID`](#DataControllerID)
+[UserID](PersonalData.xml#L179) *([Experimental](Common.md#Experimental))*|The unique identifier of a user<br>A user is an individual who interacts with the services supplied by a system.
+[EndOfBusinessDate](PersonalData.xml#L187) *([Experimental](Common.md#Experimental))*|Defines the end of active business and the start of residence time and retention period<br>End of business is the point in time when the processing of a set of personal data is no longer required for the active business, for example, when a contract is fulfilled. After this has been reached and a customer-defined residence period has passed, the data is blocked and can only be accessed by users with special authorizations (for example, tax auditors). All fields of type `Edm.Date` or `Edm.DateTimeOffset` on which the end of business determination depends should be annotated.
+[DataControllerID](PersonalData.xml#L198) *([Experimental](Common.md#Experimental))*|The unique identifier of a data controller<br>The unique identifier of a legal entity which alone or jointly with others determines the purposes and means of the processing of personal data. The Data Controller is fully responsible (and accountable) that data protection and privacy principles (such as purpose limitation or data minimization), defined in the European General Data Protection Regulation (GDPR) or any other data protection legislation, are adhered to when processing personal data. The DataControllerID succeeds the LegalEntityID.
+[BlockingDate](PersonalData.xml#L207) *([Experimental](Common.md#Experimental))*|Defines a date that marks when the provider of the data will block these<br>Defines a date that marks when the provider of the data will block these. This is the point in time when the processing of a set of personal data is no longer required for the active business, for example, when a contract is fulfilled. After it has been reached, the data is blocked in the source and can only be displayed by users with special authorizations (for example, tax auditors); however, it is not allowed to create/change/copy/follow-up blocked data. Consumers of the data should consider if there is an additional purpose to process the data beyond the defined blocking date.
+[EndOfRetentionDate](PersonalData.xml#L215) *([Experimental](Common.md#Experimental))*|Defines the date when the provider destroys the data<br>Defines a date that marks when the provider of the data can destroy these. Consumers of the data should consider if there is an additional purpose (or a legal hold) to process the data beyond the defined destruction date.
diff --git a/vocabularies/PersonalData.xml b/vocabularies/PersonalData.xml
@@ -162,12 +162,19 @@ Terms for contact and address information are defined in the [Communication voca
               </Annotation>
             </Record>
             <Record>
-              <Annotation Term="Common.Experimental" />
               <PropertyValue Property="Value" String="LegalEntityID" />
               <Annotation Term="Core.Description" String="The unique identifier of a legal entity" />
               <Annotation Term="Core.LongDescription">
                 <String>A legal entity is a corporation, an association, or any other organization of legal capacity, which has statutory rights and responsibilities.</String>
               </Annotation>
+              <Annotation Term="Core.Revisions">
+                <Collection>
+                  <Record>
+                    <PropertyValue Property="Kind" EnumMember="Core.RevisionKind/Deprecated" />
+                    <PropertyValue Property="Description" String="Deprecated in favor of [`DataControllerID`](#DataControllerID)" />
+                  </Record>
+                </Collection>
+              </Annotation>
             </Record>
             <Record>
               <Annotation Term="Common.Experimental" />
@@ -188,6 +195,31 @@ Terms for contact and address information are defined in the [Communication voca
                 All fields of type `Edm.Date` or `Edm.DateTimeOffset` on which the end of business determination depends should be annotated.</String>
               </Annotation>
             </Record>
+            <Record>
+              <Annotation Term="Common.Experimental" />
+              <PropertyValue Property="Value" String="DataControllerID" />
+              <Annotation Term="Core.Description" String="The unique identifier of a data controller" />
+              <Annotation Term="Core.LongDescription">
+                <String>The unique identifier of a legal entity which alone or jointly with others determines the purposes and means of the processing of personal data. 
+                The Data Controller is fully responsible (and accountable) that data protection and privacy principles (such as purpose limitation or data minimization), defined in the European General Data Protection Regulation (GDPR) or any other data protection legislation, are adhered to when processing personal data. The DataControllerID succeeds the LegalEntityID.</String>
+              </Annotation>
+            </Record>
+            <Record>
+              <Annotation Term="Common.Experimental" />
+              <PropertyValue Property="Value" String="BlockingDate" />
+              <Annotation Term="Core.Description" String="Defines a date that marks when the provider of the data will block these" />
+              <Annotation Term="Core.LongDescription">
+                <String>Defines a date that marks when the provider of the data will block these. This is the point in time when the processing of a set of personal data is no longer required for the active business, for example, when a contract is fulfilled. After it has been reached, the data is blocked in the source and can only be displayed by users with special authorizations (for example, tax auditors); however, it is not allowed to create/change/copy/follow-up blocked data. Consumers of the data should consider if there is an additional purpose to process the data beyond the defined blocking date.</String>
+              </Annotation>
+            </Record>
+            <Record>
+              <Annotation Term="Common.Experimental" />
+              <PropertyValue Property="Value" String="EndOfRetentionDate" />
+              <Annotation Term="Core.Description" String="Defines the date when the provider destroys the data" />
+              <Annotation Term="Core.LongDescription">
+                <String>Defines a date that marks when the provider of the data can destroy these. Consumers of the data should consider if there is an additional purpose (or a legal hold) to process the data beyond the defined destruction date.</String>
+              </Annotation>
+            </Record>
           </Collection>
         </Annotation>
       </TypeDefinition>