Innovation Proposal

BPR4GDPR aims at becoming a milestone project in the area of data protection and privacy, having ambitious objectives and anticipating revolutionary results. As a matter of fact, it will significantly advance the state-of-the-art in the underlying areas, not only by bringing research advances in various related areas, but also by providing breakthroughs:

First, a major innovation of BPR4GDPR is that it will be the first to consider all prevalent aspects of GDPR compliance (compliance assessment, consent management, enforcement tools support) in process-aware systems through their suitable distribution in all phases of the process lifecycle (identification, analysis and redesign, implementation and execution, monitoring and controlling).

In addition, to the best of our knowledge BPR4GDPR will be the first project that will leverage process mining with explicit focus on privacy awareness, enabling, on the one hand, the automated identification and documentation of existing organisational procedures and associated vulnerabilities, and, on the other, the assessment of their compliance after-the-fact with respect to modelled behaviour, fostering accountability and traceability.

Third, BPR4GDPR will go beyond current research approaches in the area of BPM security and privacy that either annotate process models with policies or verify the compliance of the former against the latter by making use of formal methods; instead, BPR4GDPR will go a step further, and will provide for the automatic adaptation and transformation of processes in order to comply with privacy policies, both at design time and following execution. The latter will provide not only an additional safeguard to privacy protection, but also a robust means for automated process evolution serving both regulatory and business goals.