In an increasingly digital world, where processing and exchange of personal data are key parts of everyday enterprise business processes (BPs), the right to data privacy is regulated and actively enforced in the Europe Union (EU) through the recently introduced General Data Protection Regulation (GDPR), whose aim is to protect EU citizens from privacy breaches. In this direction, GDPR is highly influencing the way organizations must approach data privacy, forcing them to rethink and upgrade their BPs in order to become GDPR compliant. For many organizations, this can be a daunting task, since little has been done so far to easily identify privacy issues in BPs. To tackle this challenge, in this paper, we provide an analysis of the main privacy constraints in GDPR and propose a set of design patterns to capturing and integrating such constraints in BP models. Using BPMN (Business Process Modeling Notation) as modeling notation, our approach allows us to achieve full transparency of privacy constraints in BPs making it possible to ensure their compliance with GDPR.
2019, Information Systems Engineering in Responsible Information Systems, Pages 10-22 (volume: 350)
Achieving GDPR compliance of BPMN process models (04b Atto di convegno in volume)
Agostinelli S., Maggi F. M., Marrella A., Sapio F.
ISBN: 978-3-030-21296-4; 978-3-030-21297-1
Gruppo di ricerca: Data Management and Semantic Technologies