Specific Objectives

BPR4GDPR pursues the following objectives, with specific scope and means for achievements:

Objective 1: Reference compliance framework

BPR4GDPR will be driven by the data protection legislation, particularly the GDPR, aiming at facilitating compliance for organisations. To this end, it will put in place a reference compliance framework, reflecting the associated provisions and requirements. This framework will serve as the codification of legislation, providing the ground for the development of the BPR4GDPR technologies.

Objective 2: Sophisticated security and privacy policies

BPR4GDPR aims at providing a comprehensive framework for the specification of sophisticated security and privacy policies, able to capture all complex concepts stemming from the data protection legislation and the needs and requirements of all associated stakeholders. Policies will have a central role in the foreseen BPR4GDPR operational ecosystem, since they will be the drivers for the compliance-aware process verification and re-engineering, as well as the run-time operation, providing the behavioural norms of underlying entities.

Objective 3: By design privacy-aware process models

In order to enable privacy by design as regards business processes and underlying operations thereof, BPR4GDPR anticipates providing natively compliant processes and workflow applications that will be consistent with security and privacy provisions and requirements, offering at the same time the highest transparency level by automating the fulfilment of the requirements for compliance to a great extent. To this end, BPR4GDPR aims at providing modelling technologies and tools for the incorporation of all respective provisions in process models and the resulting executable processes, as well as the means for automating verification and alignment.

Objective 4: Compliance-driven process re-engineering

BPR4GDPR fosters facilitating compliance-aware process engineering and re-engineering by means of providing a set of mechanisms for automating the respective procedures and resulting in processes, that are compliant by design. Said processes may refer to different abstraction levels, ranging from high-level business operations down to compositions of software functions and services.

Objective 5: Compliance toolkit

BPR4GDPR aims at providing a set of tools that, following appropriate configuration, would fit the needs of various organisations being subject to GDPR compliance. This way, the project fosters facilitating the deployment of mechanisms addressing requirements that are pervasive in organisations that collect and process personal data, thus making compliance easier.

Objective 6: Compliance-as-a-Service (CaaS)

BPR4GDPR aims at implementing the concept of Compliance-as-a-Service (CaaS), fostering compliance to be offered inherently and out-of-the-box to users of Cloud services. This way, the project foresees compliance to be achieved at low cost to SMEs, and anticipates added value for the providers.

Objective 7: Comprehensive trials

The BPR4GDPR technology and overall framework will be deployed in selected end-users of at least three EU countries. The corresponding trials will involve software companies, service providers and carefully selected stakeholders, in a way that i) the functional and operational performance and value of BPR4GDPR solution will be assessed, ii) different deployment models will be validated, and iii) a market penetration roadmap for full deployment in those markets will be defined.

Objective 8: Impact creation

BPR4GDPR aims at being a project of profound impact in European research and economy, especially as regards the areas of data protection, security, BPM, software services, cloud computing, etc., and fosters to open up the pathway for GDPR compliance and privacy-aware services to all actors in the value chain.