In an increasingly digital world, where processing and exchange of personal data are key parts of everyday enterprise business processes (BPs), the right to data privacy is regulated and actively enforced in the Europe Union (EU) through the recently introduced General Data Protection Regulation (GDPR), whose aim is to protect EU citizens from privacy breaches. In this direction, GDPR is highly influencing the way organizations must approach data privacy, forcing them to rethink and upgrade their BPs in order to become GDPR compliant. For many organizations, this can be a daunting task, since little has been done so far to easily identify privacy issues in BPs. To tackle this challenge, in this paper, we provide an analysis of the main privacy constraints in GDPR and propose a set of design patterns to capturing and integrating such constraints in BP models. Using BPMN (Business Process Modeling Notation) as modeling notation, our approach allows us to achieve full transparency of privacy constraints in BPs making it possible to ensure their compliance with GDPR.

Achieving GDPR compliance of BPMN process models / Agostinelli, S.; Maggi, F. M.; Marrella, A.; Sapio, F.. - 350:(2019), pp. 10-22. (Intervento presentato al convegno 31st International Conference on Advanced Information Systems Engineering, CAiSE 2019 tenutosi a Rome; Italy) [10.1007/978-3-030-21297-1_2].

Achieving GDPR compliance of BPMN process models

Agostinelli S.;Maggi F. M.;Marrella A.
;
Sapio F.
2019

Abstract

In an increasingly digital world, where processing and exchange of personal data are key parts of everyday enterprise business processes (BPs), the right to data privacy is regulated and actively enforced in the Europe Union (EU) through the recently introduced General Data Protection Regulation (GDPR), whose aim is to protect EU citizens from privacy breaches. In this direction, GDPR is highly influencing the way organizations must approach data privacy, forcing them to rethink and upgrade their BPs in order to become GDPR compliant. For many organizations, this can be a daunting task, since little has been done so far to easily identify privacy issues in BPs. To tackle this challenge, in this paper, we provide an analysis of the main privacy constraints in GDPR and propose a set of design patterns to capturing and integrating such constraints in BP models. Using BPMN (Business Process Modeling Notation) as modeling notation, our approach allows us to achieve full transparency of privacy constraints in BPs making it possible to ensure their compliance with GDPR.
2019
31st International Conference on Advanced Information Systems Engineering, CAiSE 2019
BPMN; Data privacy; GDPR; Process models
04 Pubblicazione in atti di convegno::04b Atto di convegno in volume
Achieving GDPR compliance of BPMN process models / Agostinelli, S.; Maggi, F. M.; Marrella, A.; Sapio, F.. - 350:(2019), pp. 10-22. (Intervento presentato al convegno 31st International Conference on Advanced Information Systems Engineering, CAiSE 2019 tenutosi a Rome; Italy) [10.1007/978-3-030-21297-1_2].
File allegati a questo prodotto
File Dimensione Formato  
Agostinelli_Postprint_Achieving-GDPR_2019.pdf

accesso aperto

Note: https://link.springer.com/chapter/10.1007/978-3-030-21297-1_2
Tipologia: Documento in Post-print (versione successiva alla peer review e accettata per la pubblicazione)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 611.73 kB
Formato Adobe PDF
611.73 kB Adobe PDF
Agostinelli_Achieving-GDPR_2019.pdf

solo gestori archivio

Tipologia: Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza: Tutti i diritti riservati (All rights reserved)
Dimensione 2.01 MB
Formato Adobe PDF
2.01 MB Adobe PDF   Contatta l'autore

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11573/1290908
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 25
  • ???jsp.display-item.citation.isi??? 19
social impact