todo.txt

background.tex:43:A DPIA can be conducted for a specific processing activity, for a project, or for the entire organisation, and must be be carried out ``prior to the processing'' (Articles 35-1, 35-10).
information.tex:337:    \item What are the the purposes of processing? (A30-1b)
information.tex:358:    \item What are the the categories of processing carried out on behalf of the controller? (A30-2b)
sota.tex:228:The ontology was evaluated using the the OOPS! tool \cite{poveda-villalon_oops!_2014}, and was documented using the LODE \cite{peroni_tools_2013}. The ontology can be accessed publicly\footnote{Link from \cite{otake_using_2017} \url{https://github.com/guerret/lu.uni.eclipse.bpmn2}} with documentation provided using LODE ontology documentation tool \cite{peroni_tools_2013}.
sota.tex:246:BPR4GDPR\footnote{\url{http://www.bpr4gdpr.eu/}} (Business Process Re-engineering and functional toolkit for GDPR compliance) is an European H2020 project that aims to provide a a reference compliance framework for the GDPR. The framework is stated to provide specification of sophisticated security and privacy policies, modelling technologies and tools for the incorporation of provisions in process models and the resulting executable processes, and means for automating verification and alignment.
testing.tex:656:For Psychographics, Quantcast specifies that it uses information from third-parties (Experian, Mastercard, DLX, TiVo, and Netwise) to `augment' its profiles. The third parties were defined as the the source for this data based on this information.
vocabularies.tex:766:An exploration of the above change detection was published in the Managing the Evolution and and Preservation of the Data Web workshop co-located with ESWC 2018 \cite{pandit_gdpr-driven_2018} where a model of activities were represented using P-Plan and then compared to identify changes. The use of P-Plan can be substituted with GDPRov when representing GDPR-specific activities.