Abstract
The collection and long-term retention of excessive data enables organisations to process data for insights in non-primary processes. The discovery of insights is promoted to be useful both for organisations and the customers. However, long-term possession of data on one hand risks the privacy of data belonging beings in cases of data breaches and on the other hand results in the customers distrust. General Data Protection Regulation (GDPR) abstractly defined the data processing boundaries of the personal data of European Union’s citizens. The processing principles of GDPR, in line with the spirit of privacy by design and default, provide directions on the collection, storage, and processing of personal data. Concomitantly, the data subject rights provide customers with necessary control over their personal data stationed at the data controller’s premises. The accountability principle of GDPR requires compliance in place and also the ability to demonstrate it. In this work, we are providing three solutions to enable GDPR compliance in business processes. First, we are proposing intra-process data degradation, a solution for continuous data minimisation during the course of business processes. The proposed approach results in reduced data maintenance and breach losses. Second, we adapt process mining techniques for ascertaining compliance of business process execution to data subject rights. Finally, we present a scheme to utilise differential privacy technique to enable GDPR-compliant business process discovery. Additionally, we offer links to two effective tools that demonstrate our first and second contributions.
Highlights
Business processes collect, generate, or manipulate data of related entities, the beings to whom the process is related and the organisational resources related to the process
The execution data shall be analysed for ascertaining compliance with the applicable General Data Protection Regulation (GDPR) provisions, and detect deviations, if any
First we discuss on the GDPR article(s) relevant to data minimisation
Summary
Generate, or manipulate data of related entities, the beings to whom the process is related and the organisational resources related to the process. We are providing three solutions that contribute towards enabling GDPR-compliance in business processes. Data minimisation is one important pillar of data processing principles and enabler of the Privacy by design and default, a requirement by Article 25 of the GDPR. Almost all the process mining techniques process event data, which may contain sensitive data of the data subjects and the related organisational resources. These techniques shall adhere to the data security and data pseudonymisation requirements of the GDPR. We discuss post-execution GDPR compliance of business processes with respect to data subject rights.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
