nach oben

Erschienen in:

2019 | OriginalPaper | Buchkapitel

Achieving GDPR Compliance of BPMN Process Models

verfasst von : Simone Agostinelli, Fabrizio Maria Maggi, Andrea Marrella, Francesco Sapio

Erschienen in: Information Systems Engineering in Responsible Information Systems

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In an increasingly digital world, where processing and exchange of personal data are key parts of everyday enterprise business processes (BPs), the right to data privacy is regulated and actively enforced in the Europe Union (EU) through the recently introduced General Data Protection Regulation (GDPR), whose aim is to protect EU citizens from privacy breaches. In this direction, GDPR is highly influencing the way organizations must approach data privacy, forcing them to rethink and upgrade their BPs in order to become GDPR compliant. For many organizations, this can be a daunting task, since little has been done so far to easily identify privacy issues in BPs. To tackle this challenge, in this paper, we provide an analysis of the main privacy constraints in GDPR and propose a set of design patterns to capturing and integrating such constraints in BP models. Using BPMN (Business Process Modeling Notation) as modeling notation, our approach allows us to achieve full transparency of privacy constraints in BPs making it possible to ensure their compliance with GDPR.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel UBBA: Unity Based BPMN Animator

Nächstes Kapitel How Could Systems Analysis Use the Idea of “Responsible Information System”?

The only exception is National Security Data that does not follow GDPR regulation, but is left to the jurisdiction of each State.

Event sub-processes are used in BPMN to capture exceptions (and define recovery procedures) that may affect an entire BP.

Altuhhova, O., Matulevicius, R., Ahmed, N.: An extension of business process model and notation for security risk management. Int. J. Inf. Syst. Model. Design 4(4), 93–113 (2013)CrossRef

Ayed, G.B., Ghernaouti-Helie, S.: Processes view modeling of identity-related privacy business interoperability: considering user-supremacy federated identity technical model and identity contract negotiation. In: ASONAM 2012 (2012)

Basin, D., Debois, S., Hildebrandt, T.: On purpose and by necessity: compliance under the GDPR. In: Proceedings Financial Cryptography and Data Security, vol. 18 (2018)

Brucker, A.D.: Integrating security aspects into business process models. Inf. Technol. 55(6), 239–246 (2013)

Carey, P.: Data Protection: A Practical Guide to UK and EU Law. Oxford University Press Inc., Oxford (2018)

Cherdantseva, Y., Hilton, J., Rana, O.: Towards secureBPMN - aligning BPMN with the information assurance and security domain. In: Mendling, J., Weidlich, M. (eds.) BPMN 2012. LNBIP, vol. 125, pp. 107–115. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33155-8_9CrossRef

Chergui, M.E.A., Benslimane, S.M.: A valid BPMN extension for supporting security requirements based on cyber security ontology. In: Abdelwahed, E.H., Bellatreche, L., Golfarelli, M., Méry, D., Ordonez, C. (eds.) MEDI 2018. LNCS, vol. 11163, pp. 219–232. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-00856-7_14CrossRef

Labda, W., Mehandjiev, N., Sampaio, P.: Modeling of privacy-aware business processes in BPMN to protect personal data. In: SAC 2014, pp. 1399–1405 (2014)

Maines, C.L., Zhou, B., Tang, S., Shi, Q.: Adding a third dimension to BPMN as a means of representing cyber security requirements. In: DeSE 2016 (2016)

10.

Maines, C.L., Llewellyn-Jones, D., Tang, S., Zhou, B.: A cyber security ontology for BPMN-security extensions. In: CIT 2015 (2015)

11.

Menzel, M., Thomas, I., Meinel, C.: Security requirements specification in service-oriented business process management. In: ARES 2009 (2009)

12.

Petersen, S.A., Mannhardt, F., Oliveira, M., Torvatn, H.: A framework to navigate the privacy trade-offs for human-centred manufacturing. In: Camarinha-Matos, L.M., Afsarmanesh, H., Rezgui, Y. (eds.) PRO-VE 2018. IAICT, vol. 534, pp. 85–97. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99127-6_8CrossRef

13.

Pullonen, P., Matulevičius, R., Bogdanov, D.: PE-BPMN: privacy-enhanced business process model and notation. In: Carmona, J., Engels, G., Kumar, A. (eds.) BPM 2017. LNCS, vol. 10445, pp. 40–56. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-65000-5_3CrossRef

14.

Robol, M., Salnitri, M., Giorgini, P.: Toward GDPR-compliant socio-technical systems: modeling language and reasoning framework. In: Poels, G., Gailly, F., Serral Asensio, E., Snoeck, M. (eds.) PoEM 2017. LNBIP, vol. 305, pp. 236–250. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70241-4_16CrossRef

15.

Rodríguez, A., Fernández-Medina, E., Piattini, M.: A BPMN extension for the modeling of security requirements in business processes. IEICE Trans. Inf. Syst. 90(4), 745–752 (2007)CrossRef

16.

Salnitri, M., Dalpiaz, F., Giorgini, P.: Designing secure business processes with SecBPMN. Softw. Syst. Model. 16(3), 737–757 (2017)CrossRef

17.

Sang, K.S., Zhou, B.: BPMN security extensions for healthcare process. In: CIT 2015 (2015)

18.

Tom, J., Sing, E., Matulevičius, R.: Conceptual representation of the GDPR: model and application directions. In: Zdravkovic, J., Grabis, J., Nurcan, S., Stirna, J. (eds.) BIR 2018. LNBIP, vol. 330, pp. 18–28. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99951-7_2CrossRef

Titel: Achieving GDPR Compliance of BPMN Process Models
verfasst von: Simone Agostinelli
Fabrizio Maria Maggi
Andrea Marrella
Francesco Sapio
Verlag: Springer International Publishing
Buch: Information Systems Engineering in Responsible Information Systems
Print ISBN: 978-3-030-21296-4

Electronic ISBN: 978-3-030-21297-1

Copyright-Jahr: 2019
DOI: https://doi.org/10.1007/978-3-030-21297-1_2

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"