This paper proposes e model driven approach, based on business process awareness to support the compliance to GDPR. The European General Data Protection Regulation (GDPR (EU) 2016/679) regard the processing of personal data and on the free movement of such data. The main purpose is to safeguard the data subject’s human dignity and fundamental rights. To achieve this goal is necessary to identify the motivation of data management, define who have access to data, and determine with high precision how, when and how many times the organization store manage the data. GDPR requires the self-assessment of digital risks on the basis of the impact assessment analysis. The adoption of GDPR by an organization raises this main question: how do we audit an organization’s adherence? Starting form BPMN that “provide businesses with the capability of understanding their internal business procedures” we propose an approach that help to identify the most important keypoint(s) useful for GDPR compliance. To analyse the potential applicability of our thesis we describe a “Vacation Request” scenario where we applied the proposed approach.

Business Process awareness to support GDPR compliance

CAPODIECI A.
;
MAINETTI L.
2019-01-01

Abstract

This paper proposes e model driven approach, based on business process awareness to support the compliance to GDPR. The European General Data Protection Regulation (GDPR (EU) 2016/679) regard the processing of personal data and on the free movement of such data. The main purpose is to safeguard the data subject’s human dignity and fundamental rights. To achieve this goal is necessary to identify the motivation of data management, define who have access to data, and determine with high precision how, when and how many times the organization store manage the data. GDPR requires the self-assessment of digital risks on the basis of the impact assessment analysis. The adoption of GDPR by an organization raises this main question: how do we audit an organization’s adherence? Starting form BPMN that “provide businesses with the capability of understanding their internal business procedures” we propose an approach that help to identify the most important keypoint(s) useful for GDPR compliance. To analyse the potential applicability of our thesis we describe a “Vacation Request” scenario where we applied the proposed approach.
2019
978-1-4503-6292-4
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11587/429736
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 4
  • ???jsp.display-item.citation.isi??? ND
social impact