Azadeh Sadat Mozafari Mehr. Compliance to data protection and purpose control using process mining technique. 17th International Conference on Business Process Management (BPM 2019), September 1-6, 2019, Vienna, Austria.

Abstract
The business processes of an organisation are executed in certain boundaries. Some of the restrictions are raised from the environment of the organisations such as regulatory and supervisory constraints. One of the regulations that is imposed on organisations is the European General Data Protection Regulation (GDPR). The most important aspect of the GDPR rules is how organisations handle personal data of their customers. In this research, we focus on this aspect of the GDPR. Our goal is to develop a solution that enables organisations to deal with the challenges of becoming compliant with GDPR. We plan to use and improve process mining techniques to tackle the problems such as discovering data- ow and control- ow of business processes that have interaction with personal data of customers. Our approach consists of four phases: (1) discover process model based on purpose, (2) translate regulatory rules to technical rules, (3) develop privacy policy model base on the GDPR, (4) conformance analysis.

Keywords: Process Mining, GDPR, Compliance Checking, Rule Translation

Download Link: http://ceur-ws.org/Vol-2420/papeDC10.pdf