GDPR and business processes: an effective solution

Bartolini C., Calabrò A., Marchetti E.

BPMN  Business processes  General Data Protection Regulation (GDPR)  Learning  Privacy by Design 

In the European Union, the recent update to data protection laws by virtue of the General Data Protection Regulation (GDPR) significantly changed the landscape of the processing of personal data. Consequently, adequate solutions to ensure that the controller and processor properly understand and meet the data protection requirements are needed. In enterprise reality it is quite common to use Business Process (BP) models to manage the different business activities. Hence the idea of integrating privacy concepts into BP models so as to leverage them to the role of GDPR recommenders. To this end, suggestions and recommendations about data management pursuant to GDPR provisions have been added to specific tasks of the BP, to improve both the process management and personnel learning and training. Feasibility of the proposed idea, implemented into an Eclipse plugin, has been provided through a realistic example.