Orientation

A beginner's guide to familiarize yourself with our terminology and entities in the system

Suggest Edits

Terms to Know

In order to make use of this API, there are some terms that it is useful to know.

Personal Data and Personal Identifying Information (PII)

Personal Data and Personally Identifiable Information (PII) consist of information that, on its own or combined with a limited amount of other data, can be used to identify a person such as their name, home address, passport number, email address, and so forth. Personal Data is a legal term defined by the GDPR while PII is commonly used in business. Learn more about Personal Data and PII.

DataType and DataCategory

DataType is our term for a classification of Personal Data that is relevant to how it is stored and processed as it relates to the GDPR This could be an individual piece of information such as a customer's date of birth or a copy of a document such as a passport or national identity card.

A list of DataTypes may be retrieved from the List data-types endpoint.

A DataCategory is an aggregation of related DataTypes that have a common usage within a given context. It is used as part of the StorageDuration entity.

Data Controller

Businesses that collect Personal Data from their customers are referred to as "data controllers" in the context of GDPR. A Data Controller decides what to do with the data that’s been collected. If you run a website that uses any marketing or analytics services you’re a controller.

Processing

In the context of the GDPR ‘processing’ means any operations (automated or not) which are performed on Personal Data including (but not limited to):

  • collection and storage
  • consultation
  • adaptation or alteration
  • disclosure or dissemination
  • erasure or destruction

See the relevant section in the GDPR .

Purpose

A Purpose in this API is a high level description as to the application of how Personal Data will be used by an organization. Examples of purposes include:

  • Customer relationship management
  • Payroll management
  • Maintenance of medical records
  • Creditworthiness assessment

DPOs may use keywords to search for storage retention rules for Personal Data based on the purpose for which it will be used.

Entities

Below is an introduction to the entities in this API and how they relate the our use cases.

StorageDuration

The primary entity of this API is the StorageDuration that describes for how long and under what circumstances a set of Personal Data elements of a given DataType may be retained for a given purpose. It provides a summary of the underlying legal basis for the retention as well as links to external sources that may be used for reference.

The main use of this API will be to search for instances of this entity through the Search storage-durations endpoint using filters for the Purpose, DataType, and Sector.

curl --request GET \
  --url '<<API_DOMAIN>>?purpose=medical&limit=50&offset=0'

ProductionData

ProductionData is a structure found within a StorageDuration for describing the storage lifecycle of Personal Data maintained for production/operational purposes by a data controller in terms of the events that allow its collection (startEvents), the events that force it to be removed from a system (stopEvents), and an explanation as to how long it may be preserved after the startEvent (durationExplanation).

LegalData

LegalData is a structure found within a StorageDuration for describing the storage lifecycle of Personal Data maintained by a data controller for legal purposes, similar to ProductionData, though it only contains a durationExplanation.

Sector

A high level classification of economic activity to which a given Purpose pertains. Currently our Sectors are derived from the Statistical classification of economic activities in the European Community, abbreviated as NACE

A list of available Sectors to filter by may be retrieved from the List sectors endpoint

Updated over 2 years ago

What’s Next

Start exploring the API reference