GDPR Compliance Made Easier

The BPR4GDPR Project

Authors

  • Georgios Lioudakis ICT abovo https://orcid.org/0000-0002-4628-6265
  • Eugenia Papagiannakopoulou ICT abovo P.C.
  • Maria Koukovini ICT abovo P.C.
  • Nikolaos Dellas SingularLogic S.A.
  • Kostas Kalaboukas SingularLogic S.A.
  • Lorenzo Bracciale University of Rome “Tor Vergata”
  • Emanuele Raso University of Rome “Tor Vergata”
  • Giuseppe Bianchi University of Rome “Tor Vergata”
  • Pierpaolo Loreti University of Rome “Tor Vergata” https://orcid.org/0000-0002-2348-5077
  • Paolo Barracano Innovazioni Tecnologiche SRL
  • Spiros Alexakis CAS Software AG
  • Renata Medeiros de Carvalho Eindhoven University of Technology
  • Marwan Hassani Eindhoven University of Technology

DOI:

https://doi.org/10.56394/aris2.v1i1.1

Keywords:

Data protection, GDPR compliance, process re-engineering, process mining, PETs, access control

Abstract

With the aim to facilitate compliance with the GDPR, particularly for SMEs, this paper summarises the results of the H2020 BPR4GDPR project. With a focus on business processes, the project has proposed a holistic approach able to support compliant processes, while fulfilling requirements covering diverse application domains. The main pillars of the solution are: i) a policy-based access and usage control system, for setting the operational rules; ii) a framework for automatically re-engineering processes so that they become compliant by design; iii) a run-time environment for the enforcement of privacy constraints and data subjects’ rights; iv) a process mining framework, devised for ex-post compliance analysis and conformance checking to leverage the process execution traces.

References

European Commission, DG for Communication, “e-privacy”, Flash Eurobarometer 443, December 2016

H2020 BPR4GDPR, https://www.bpr4gdpr.eu/[October 26, 2021]

S. Spiekermann, L. Faith Cranor, “Engineering Privacy”, IEEE Transactions on Software Engineering, Vol. 35, No. 1, pp. 67-82, January 2009

G. Kermezis, K. Limniotis, N. Kolokotronis, “User-Generated Pseudonyms Through Merkle Trees”, in Proceedings of the 9thAnnual Privacy Forum (APF 2021), Oslo, Norway, June 17–18, 2021

J. Salas, V. Torra, “A General Algorithm for k-anonymity on Dynamic Databases”, in Proceedings of the 13thData Privacy Management Workshop (DPM 2018), Barcelona, Spain, September 6–7, 2018

Downloads

Published

2021-12-30

How to Cite

[1]
G. Lioudakis, “GDPR Compliance Made Easier: The BPR4GDPR Project”, ARIS2-Journal, vol. 1, no. 1, pp. 5–23, Dec. 2021.

Issue

Vol. 1 No. 1 (2021): ARIS2 - Advanced Research on Information Systems Security

Section

Articles

License

Copyright (c) 2021 Georgios Lioudakis, Eugenia Papagiannakopoulou, Maria Koukovini, Nikolaos Dellas, Kostas Kalaboukas, Lorenzo Bracciale, Emanuele Raso, Giuseppe Bianchi, Pierpaolo Loreti, Paolo Barracano, Spiros Alexakis, Renata Medeiros de Carvalho, Marwan Hassani

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

Crossref
Scopus
Google Scholar
Europe PMC