Process Mining Meets GDPR Compliance: The Right to be Forgotten as a Use Case
Rashid Zaman. Process Mining Meets GDPR Compliance: The Right to be Forgotten as a Use Case. 1st International Conference on Process Mining, June 24-26, 2019, Aachen, Germany.
In a bid to ensure privacy of personal data, the General Data Protection Regulation (GDPR) imposes stringent obligations on organizations and businesses in the capacity of data controllers and data processors, along with the provision of landmark rights bestowed on data subjects over their personal data. Fulfilling these obligations requires considerable changes to the existing (pre-GDPR era) business and organizational processes. Being a non-trivial task, it has several technical as well as procedural challenges, especially for organizations having intertwined and cascaded business processes or business processes stretched over multiple organizations. Process mining has been applied and found highly effective in shaping business processes, organizational workflows, and healthcare procedures/guidelines, to name a few, for compliance and improvement purposes. Process mining techniques therefore have great potential to guide the transformation of pre-GDPR era (usually GDPR non-compliant) business or organizational processes into GDPR-compliant processes and afterwards ensure they remain compliant during execution. In addition to the current state-of-the-art techniques, stable online conformance checking and online model repair techniques need to be developed. As a test case, we are considering the challenges associated with implementation of the right to be forgotten in a multi-organization based automotive lead generation/management system.