When illustrating concepts pertaining to data protection, it is often useful to have a concrete use case at hand. The following post therefore provides such a use case. Namely, it describes the various aspects of the processing activities of an online shop. In particular, the aspects include the involved entities, the purposes pursued by the processing, the legal bases for the processing, the data necessary to fulfill the purposes, as well as the storage period necessary for this data.
The Data Privacy Vocabularies and Controls Community Group published two vocabularies to describe personal data and the ways it can be processed. The vocabularies are meant to be used in software that automates verifications against the European General Data Protection Regulation (GDPR).