DPA vs GDPR

This dataset is developed to facilitate research on GDPR compliance within organizational policies. The General Data Protection Regulation (GDPR) document is segmented into 1,038 individual statements, serving as the reference for compliance checking. Nine Data Processing Agreements (DPAs) from organizations, including Whereby, Contentsquare, Timetastic, the University of Bristol, NHS, and others, are similarly divided into distinct statements. These DPA statements are manually compared to GDPR statements to assess alignment. The mapping process involved annotation by three independent academic experts with expertise in data protection and regulatory frameworks. Each DPA statement was evaluated against potential GDPR matches, with pairs labeled as "mapped" if they addressed the same compliance issue or "unmapped" if they did not. This annotated dataset provides a valuable resource for developing and evaluating automated compliance-checking models. The dataset serves as the foundational research material for the study titled "A Framework for Enhanced Compliance Checking Using Legal Knowledge Graphs and LLMs: A GDPR Case Study." A Framework for Enhanced Compliance Checking Using Legal Knowledge Graphs and LLMs: A GDPR Case Study