In order to make use of this API, there are some terms that it is useful to know.
Personal Data and Personally Identifiable Information (PII) consist of information that, on its own or combined with a limited amount of other data, can be used to identify a person such as their name, home address, passport number, email address, and so forth. Personal Data is a legal term defined by the GDPRGDPR - The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. while PII is commonly used in business. Learn more about Personal Data and PII.
DataType is our term for a classification of Personal Data that is relevant to how it is stored and processed as it relates to the GDPR This could be an individual piece of information such as a customer's date of birth or a copy of a document such as a passport or national identity card.
A list of DataTypes may be retrieved from the List data-types endpoint.
A DataCategory is an aggregation of related DataTypes that have a common usage within a given context. It is used as part of the StorageDuration entity.
Businesses that collect Personal Data from their customers are referred to as "data controllers" in the context of GDPR. A Data Controller decides what to do with the data that’s been collected. If you run a website that uses any marketing or analytics services you’re a controller.
In the context of the GDPRGDPR - The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas. ‘processing’ means any operations (automated or not) which are performed on Personal Data including (but not limited to):
- collection and storage
- adaptation or alteration
- disclosure or dissemination
- erasure or destruction
See the relevant section in the GDPR .
A Purpose in this API is a high level description as to the application of how Personal Data will be used by an organization. Examples of purposes include:
- Customer relationship management
- Payroll management
- Maintenance of medical records
- Creditworthiness assessment
DPOs may use keywords to search for storage retention rules for Personal Data based on the purpose for which it will be used.
Below is an introduction to the entities in this API and how they relate the our use cases.
The primary entity of this API is the StorageDuration that describes for how long and under what circumstances a set of Personal Data elements of a given DataType may be retained for a given purpose. It provides a summary of the underlying legal basis for the retention as well as links to external sources that may be used for reference.
The main use of this API will be to search for instances of this entity through the Search storage-durations endpoint using filters for the Purpose, DataType, and Sector.
curl --request GET \ --url '<<API_DOMAIN>>?sectors=NACE_xyz§ors=NACE_abc&purpose=medical&dataTypes=dt_123&dataTypes=dt_234&limit=50&offset=0'
ProductionData is a structure found within a StorageDuration for describing the storage lifecycle of Personal Data maintained for production/operational purposes by a data controller in terms of the events that allow its collection (startEvents), the events that force it to be removed from a system (stopEvents), and an explanation as to how long it may be preserved after the startEvent (durationExplanation).
LegalData is a structure found within a StorageDuration for describing the storage lifecycle of Personal Data maintained by a data controller for legal purposes, similar to ProductionData, though it only contains a durationExplanation.
A high level classification of economic activity to which a given Purpose pertains. Currently our Sectors are derived from the Statistical classification of economic activities in the European Community, abbreviated as NACE
A list of available Sectors to filter by may be retrieved from the List sectors endpoint
Updated about 1 month ago