Publication in Springer Nature Computer Science 2020
Rashid Zaman and Marwan Hassani: On Enabling GDPR Compliance in Business Processes Through Data-Driven Solutions. In Springer Nature Computer Science 1, 210 (2020). https://doi.org/10.1007/s42979-020-00215-x
The collection and long-term retention of excessive data enables organisations to process data for insights in non-primary processes. The discovery of insights is promoted as useful both for organisations and for customers. However, long-term possession of data on the one hand risks the privacy of the individuals to whom the data belongs in cases of data breach, and on the other hand results in customers' distrust. The General Data Protection Regulation (GDPR) abstractly defines the data processing boundaries for the personal data of European Union citizens. The processing principles of GDPR, in line with the spirit of privacy by design and default, provide directions on the collection, storage, and processing of personal data. Concomitantly, the data subject rights provide customers with the necessary control over their personal data stationed at the data controller's premises. The accountability principle of GDPR requires compliance to be in place and also the ability to demonstrate it. In this work, we provide three solutions to enable GDPR compliance in business processes. First, we propose intra-process data degradation, a solution for continuous data minimisation during the course of business processes. The proposed approach results in reduced data maintenance and breach losses. Second, we adapt process mining techniques for ascertaining compliance of business process execution with data subject rights. Finally, we present a scheme to utilise the differential privacy technique to enable GDPR-compliant business process discovery. Additionally, we offer links to two effective tools that demonstrate our first and second contributions.