Testing and experimentation are crucial for promoting innovation and building systems that can evolve to meet high levels of service quality. IoT data that belong to users and from which their personal information can be inferred are frequently shared in the background of IoT systems with third parties for experimentation and building quality services. This data sharing raises privacy concerns especially since in most cases the data are gathered and shared without the user’s knowledge or explicit consent or for different purposes than the one for which the data were initially gathered. With the introduction of GDPR, IoT systems and experimentation platforms that federate data from different deployments, testbeds and data providers must be privacy-preserving. The wide adoption of IoT applications in scenarios ranging from smart cities to Industry 4.0 has raised concerns with respect to the privacy of users' data collected using IoT devices. Many experimental smart city applications are also using crowdsourcing data. Inspired by the GDPR requirements, we propose an IoT ontology built using available standards that enhances privacy, enables semantic interoperability between IoT deployments and supports the development of privacy-preserving experimental IoT applications. On top, we propose recommendations on how to efficiently use the ontology within IoT testbed and federating platforms. Our ontology is validated for different quality assessment criteria using standard validation tools. We focus on experimentation without any loss of generality, because it covers scenarios from both research and industry, that are directly linked with innovation and in most cases neglect privacy.