The Privaciz/GDPR model is based on the ArchiMate model, and extended by stereotypes provided by the Privaciz Model module.

General

Tools to model basic GDPR concepts.

Stereotype	Label	Description
GDPRElement	GDPR element	Indicates that an element belongs to the GDPR model.
GDPRDiagram	GDPR diagram	GDPR diagram
GDPRFunctionalDiagram	GDPR functional diagram	GDPR functional diagram
GDPRRiskDiagram	GDPR risk diagram	GDPR risk diagram
GDPRTechnicalDiagram	GDPR technical diagram	GDPR technical diagram

Stereotype

Label

Description

GDPRElement

GDPR element

Indicates that an element belongs to the GDPR model.

GDPRDiagram

GDPR diagram

GDPRFunctionalDiagram

GDPR functional diagram

GDPRRiskDiagram

GDPR risk diagram

GDPRTechnicalDiagram

GDPR technical diagram

DataProcessing

Tools to model the GDPR personal data processing.

Stereotype	Label	Description
DataProcessing	Data processing	Operation or set of operations addressing personal data.
Process	Process	Representation of the flow of interactions between functions and services.
ProcessLink	Process	Indicates that a data processing is carried out within a process.
Purpose	Purpose	Reason why personal data are being processed.
PurposeLink	Purpose	Indicates the purpose of a data processing.
DataUsageLink	Usage	Indicates that personal data is being used in a process.
PersonalDataFlowLink	Personal data flow	Indicates that personal data is being exchanged between participants or processes.
ConveyedLink	Conveyed	Indicates which personal data is conveyed via a data flow.
DelegationLink	Delegation	Indicates who the data processing is subcontracted to.
ImplementationLink	Implementation	Indicates that an organization unit (organization, department or subcontractor) implements a process.

Stereotype

Label

Description

DataProcessing

Data processing

Operation or set of operations addressing personal data.

Process

Representation of the flow of interactions between functions and services.

ProcessLink

Process

Indicates that a data processing is carried out within a process.

Purpose

Reason why personal data are being processed.

PurposeLink

Purpose

Indicates the purpose of a data processing.

DataUsageLink

Usage

Indicates that personal data is being used in a process.

PersonalDataFlowLink

Personal data flow

Indicates that personal data is being exchanged between participants or processes.

ConveyedLink

Conveyed

Indicates which personal data is conveyed via a data flow.

DelegationLink

Delegation

Indicates who the data processing is subcontracted to.

ImplementationLink

Implementation

Indicates that an organization unit (organization, department or subcontractor) implements a process.

Implementations

Tools to model GDPR implementation concepts.

Stereotype	Label	Description
DataCarrier	Data carrier	Personal data carrier
Artifact	Artifact	Piece of data that is used or produced in a software development process, or by deployment and operation of an IT system.
Material	Material	Structure element that represents tangible physical matter or physical elements.
Node	Node	Physical item (hardware device).
Cloud	Cloud	Applications, storage and other services which are accessed via the Web.
Server	Server	Remote system used to access information.
HostingLink	Hosting	Indicates that an application component is hosted by a node.
ApplicationComponent	Application component	Element used to model entire applications or individual parts of such applications.
Database	Database	Structure used to store and organize large amounts of data.
Application	Application	Element used to model entire applications (deployed and operational IT systems).
ApplicationLink	Application	Indicates that a process is realized by an application.
HostCountryLink	Host country	Indicates in which country the Data Carrier is hosted.
Country	Country	Country from which a participant operates, or where personal data is stored.
Contract	Contract	Abstract signed agreement (processing, storage, transfer or cooperation).
CooperationContract	Cooperation Contract	Signed agreement that defines the cooperation terms between two participants.
ProcessingContract	Processing contract	Signed agreement that binds a data controler and a subcontractor over the processing of data.
StorageContract	Storage contract	Signed agreement that defines the terms of data storage.
TransferContract	Transfer contract	Signed agreement that defines the terms of data transfer.
ConveyedContractLink	Contract	Indicates which contract is used.

Stereotype

Label

Description

DataCarrier

Data carrier

Personal data carrier

Artifact

Piece of data that is used or produced in a software development process, or by deployment and operation of an IT system.

Material

Structure element that represents tangible physical matter or physical elements.

Node

Physical item (hardware device).

Cloud

Applications, storage and other services which are accessed via the Web.

Server

Remote system used to access information.

HostingLink

Hosting

Indicates that an application component is hosted by a node.

ApplicationComponent

Application component

Element used to model entire applications or individual parts of such applications.

Database

Structure used to store and organize large amounts of data.

Application

Element used to model entire applications (deployed and operational IT systems).

ApplicationLink

Application

Indicates that a process is realized by an application.

HostCountryLink

Host country

Indicates in which country the Data Carrier is hosted.

Country

Country from which a participant operates, or where personal data is stored.

Contract

Contract

Abstract signed agreement (processing, storage, transfer or cooperation).

CooperationContract

Cooperation Contract

Signed agreement that defines the cooperation terms between two participants.

ProcessingContract

Processing contract

Signed agreement that binds a data controler and a subcontractor over the processing of data.

StorageContract

Storage contract

Signed agreement that defines the terms of data storage.

TransferContract

Transfer contract

Signed agreement that defines the terms of data transfer.

ConveyedContractLink

Contract

Indicates which contract is used.

Participants

Tools to model GDPR participants.

Stereotype	Label	Description
Participant	Participant	Person or organization which takes part in processing data.
OrganizationUnit	Organization unit	Participant which is not a natural person.
Organization	Organization	Either a company or a non-commercial organization which is responsible for the data processing.
Processor	Subcontractor	Subcontractor who processes data for the controller.
DelegationLink	Delegation	Indicates who the data processing is subcontracted to.
SubsequentLink	Subsequent	Indicates that a subcontractor processes the data for the subcontractor.
Department	Department	Sub-organization entity, like a department, or a business unit.
DepartmentLink	Department	Indicates that an organization, or a subcontractor has a department.
GDPRCorrespondent	GDPR correspondent	Agent in charge with personal data privacy at department or business unit level. Appointed by the Organization. Reports to the DPO.
CorrespondentLink	Correspondent	Indicates who is the organization’s GDPR correspondent.
Role	Role	Person or agent which takes part in processing data.
Agent	Agent	Operator taking part in the processing of personal data.
ExternalAgent	External Agent	Operator who takes part in the processing personal data from outside the organization.
InternalAgent	Internal agent	Operator who takes part in the processing of personal data from within the organization.
DataSubject	Data subject	Natural person whose personal data is being processed.
ExternalPerson	External person	Natural person whose personal data is processed and who is NOT part of the organization.
InternalPerson	Internal person	Natural person whose personal data is being processed and who is part of the organization.
DPO	DPO	Data Privacy Officer (or Data Protection Officer) in charge with enforcing the compliancy with the GDPR within the organization.
CooperationModeLink	Cooperation	Indicates that a participant cooperates with another participant.
CooperationContextLink	Cooperation context	Indicates the context of a participant cooperation.
PartOfLink	Part Of	Indicates that a role is part of an organization unit.
StructuralLink	Structural link	Indicates that a participant is bind to another participant.
LegalOwnershipLink	Legal ownership	Indicates that the personal data of a European citizen are being collected, stored, or processed.
PerformLink	Perform	Indicates that a process is executed by an agent.
ControllerLink	Controller	Indicates which participant is in change with processing the personal data.
CountryLink	Country	Indicates the country from which a participant operates, or where personal data is stored.

Stereotype

Label

Description

Participant

Person or organization which takes part in processing data.

OrganizationUnit

Organization unit

Participant which is not a natural person.

Organization

Either a company or a non-commercial organization which is responsible for the data processing.

Processor

Subcontractor

Subcontractor who processes data for the controller.

DelegationLink

Delegation

Indicates who the data processing is subcontracted to.

SubsequentLink

Subsequent

Indicates that a subcontractor processes the data for the subcontractor.

Department

Sub-organization entity, like a department, or a business unit.

DepartmentLink

Department

Indicates that an organization, or a subcontractor has a department.

GDPRCorrespondent

GDPR correspondent

Agent in charge with personal data privacy at department or business unit level. Appointed by the Organization. Reports to the DPO.

CorrespondentLink

Correspondent

Indicates who is the organization’s GDPR correspondent.

Role

Role

Person or agent which takes part in processing data.

Agent

Agent

Operator taking part in the processing of personal data.

ExternalAgent

External Agent

Operator who takes part in the processing personal data from outside the organization.

InternalAgent

Internal agent

Operator who takes part in the processing of personal data from within the organization.

DataSubject

Data subject

Natural person whose personal data is being processed.

ExternalPerson

External person

Natural person whose personal data is processed and who is NOT part of the organization.

InternalPerson

Internal person

Natural person whose personal data is being processed and who is part of the organization.

DPO

Data Privacy Officer (or Data Protection Officer) in charge with enforcing the compliancy with the GDPR within the organization.

CooperationModeLink

Cooperation

Indicates that a participant cooperates with another participant.

CooperationContextLink

Cooperation context

Indicates the context of a participant cooperation.

PartOfLink

Part Of

Indicates that a role is part of an organization unit.

StructuralLink

Structural link

Indicates that a participant is bind to another participant.

LegalOwnershipLink

Legal ownership

Indicates that the personal data of a European citizen are being collected, stored, or processed.

PerformLink

Perform

Indicates that a process is executed by an agent.

ControllerLink

Controller

Indicates which participant is in change with processing the personal data.

CountryLink

Country

Indicates the country from which a participant operates, or where personal data is stored.

PersonalData

Tools to model GDPR personal data.

Stereotype	Label	Description
PersonalData	Personal data	Personal data’ means any information relating to an identified or identifiable natural person whom can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
PersonalDataGroup	Personal data group	Container gathering several personal data.
ConnectionData	Connection data	Connection data (IP adresses, event logs, etc.)
FinancialData	Financial data	Financial or economic information.
IdentificationData	Identification data	Civil status, identity, identification data, etc.
LocationData	Location data	Location data (mobility, GPS data, GSM, etc.).
PersonalLifeData	Personal life data	Personal life related information (lifestyle, family situation, etc.)
ProfessionalLifeData	Professional life data	Professional life related data (CV, education, professional training, rewards, etc.).
BiometricData	Biometric data	Personal data that resulted from specific processing related to physical and behavioral features of a person, which allows the identification of that person.
SocialSecurityNumberData	Social security number	Unique identification number (such as social security number).
CriminalConvictionData	Criminal conviction data	Sensitive data related to penal convictions or infractions.
EthnicData	Ethnic data	Data revealing the ethnic or racial origin of the data subject.
GeneticData	Genetic data	Data related to a natural person’s genetic characteristics, which offers information about the mental or physical health of that person.
HealthData	Health data	Personal data referring to the personal mental and physical health of a person, including information on health services accessed.
OpinionData	Opinion data	Data revealing political opinions.
ReligiousData	Religious data	Data revealing religious or philosophical beliefs.
SexualOrientationData	Sexual orientation data	Data concerning the sexual life or sexual orientation.
UnionData	Union data	Data revealing the union membership.
OtherPersonalData	Other personal data	Other personal data, any kind of information related to a natural person.
DataGroupingLink	Data grouping	Indicates which personal data compose the personal data group.
StorageLink	Storage	Indicates that personal data is stored in a specific data carrier.

Stereotype

Label

Description

PersonalData

Personal data

Personal data’ means any information relating to an identified or identifiable natural person whom can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

PersonalDataGroup

Personal data group

Container gathering several personal data.

ConnectionData

Connection data

Connection data (IP adresses, event logs, etc.)

FinancialData

Financial data

Financial or economic information.

IdentificationData

Identification data

Civil status, identity, identification data, etc.

LocationData

Location data

Location data (mobility, GPS data, GSM, etc.).

PersonalLifeData

Personal life data

Personal life related information (lifestyle, family situation, etc.)

ProfessionalLifeData

Professional life data

Professional life related data (CV, education, professional training, rewards, etc.).

BiometricData

Biometric data

Personal data that resulted from specific processing related to physical and behavioral features of a person, which allows the identification of that person.

SocialSecurityNumberData

Social security number

Unique identification number (such as social security number).

CriminalConvictionData

Criminal conviction data

Sensitive data related to penal convictions or infractions.

EthnicData

Ethnic data

Data revealing the ethnic or racial origin of the data subject.

GeneticData

Genetic data

Data related to a natural person’s genetic characteristics, which offers information about the mental or physical health of that person.

HealthData

Health data

Personal data referring to the personal mental and physical health of a person, including information on health services accessed.

OpinionData

Opinion data

Data revealing political opinions.

ReligiousData

Religious data

Data revealing religious or philosophical beliefs.

SexualOrientationData

Sexual orientation data

Data concerning the sexual life or sexual orientation.

UnionData

Union data

Data revealing the union membership.

OtherPersonalData

Other personal data

Other personal data, any kind of information related to a natural person.

DataGroupingLink

Data grouping

Indicates which personal data compose the personal data group.

StorageLink

Storage

Indicates that personal data is stored in a specific data carrier.

Risks

Tools to model GDPR risk analysis concepts.

Stereotype	Label	Description
Risk	Risk	Breach in the system which represents a risk for the personal data being processed.
RiskLink	Risk	Indicates that a process is subject to a specific risk.
Measure	Measure	Technical, organizational or legal measure taken by the organization to ensure that the data is safe.
AppliedMeasureLink	Applied measure	Indicates that a risk is warded off by a security measure.
MeasureType	Measure type	Type of measure taken to guarantee the security of personal data.
MeasureTypeLink	Measure type	Indicates that a type is associated to a measure.

Stereotype

Label

Description

Risk

Breach in the system which represents a risk for the personal data being processed.

RiskLink

Risk

Indicates that a process is subject to a specific risk.

Measure

Technical, organizational or legal measure taken by the organization to ensure that the data is safe.

AppliedMeasureLink

Applied measure

Indicates that a risk is warded off by a security measure.

MeasureType

Measure type

Type of measure taken to guarantee the security of personal data.

MeasureTypeLink

Measure type

Indicates that a type is associated to a measure.

Focus

Tools to model focus diagrams.

Stereotype	Label	Description
FocusDiagram	Focus diagram	Abstract stereotype extended by concrete focus diagrams.
ParticipantFocusDiagram	Participant focus diagram	Participant focus diagram
PersonalDataFocusDiagram	Personal data focus diagram	Personal data focus diagram
ProcessFocusDiagram	Process focus diagram	Process focus diagram
RiskFocusDiagram	Risk focus diagram	Risk focus diagram
FocusDiagramDependency	Focus diagram dependency	Link between a focus diagram and its central element.

Stereotype

Label

Description

FocusDiagram