In order to cover its functional needs towards GDPR compliance and cope with the operational phases, BPR4GDPR has specified the system architecture highlighted in the figure below. As illustrated, the BPR4GDPR architecture is divided in four “quadrants”, reflecting different groups of functionalities.

The Governance block provides all functions related to the specification of regulation-driven policies and reasoning thereof, thus representing the Policy Decision Point (PDP) of the system. Planning concerns the specification of workflow models and, based on the appropriate Compliance Metamodel, their verification as regards compliance with the GDPR and their subsequent transformation, if needed, so that they become compliant by design. Run-time provides the means for the run-time system operation, particularly in terms of policy enforcement, data management, privacy-enhancing tools, and interaction with the data subjects. Finally, the Monitoring group deals with process mining and monitoring with the aim to identify discrepancies between compliant and actual behaviour.

More details can be found here.