GDPR Compliance Made Easier: the BPR4GDPR Project


  • Georgios Lioudakis ICT abovo
  • Eugenia Papagiannakopoulou ICT abovo P.C.
  • Maria Koukovini ICT abovo P.C.
  • Nikolaos Dellas SingularLogic S.A.
  • Kostas Kalaboukas SingularLogic S.A.
  • Lorenzo Bracciale University of Rome “Tor Vergata”
  • Emanuele Raso University of Rome “Tor Vergata”
  • Giuseppe Bianchi University of Rome “Tor Vergata”
  • Pierpaolo Loreti University of Rome “Tor Vergata”
  • Paolo Barracano Innovazioni Tecnologiche SRL
  • Spiros Alexakis CAS Software AG
  • Renata Medeiros de Carvalho Eindhoven University of Technology
  • Marwan Hassani Eindhoven University of Technology


Data protection, GDPR compliance, process re-engineering, process mining, PETs, access control


With the aim to facilitate compliance with the GDPR, particularly for SMEs, this paper summarises the results of the H2020 BPR4GDPR project. With a focus on business processes, the project has proposed a holistic approach able to support compliant processes, while fulfilling requirements covering diverse application domains. The main pillars of the solution are: i) a policy-based access and usage control system, for setting the operational rules; ii) a framework for automatically re-engineering processes, so that they become compliant by design; iii) a run-time environment for the enforcement of privacy constraints and data subjects’ rights; iv) a process mining framework, devised for ex post compliance analysis and conformance checking leveraging the process execution traces.




How to Cite

Lioudakis, G., Papagiannakopoulou, E. ., Koukovini, M., Dellas, N., Kalaboukas, K., Bracciale, L., Raso, E., Bianchi, G. ., Loreti, P., Barracano, P., Alexakis, S., Medeiros de Carvalho, R., & Hassani, M. (2021). GDPR Compliance Made Easier: the BPR4GDPR Project. ARIS2 - Advanced Research on Information Systems Security, 1(1), 5–23. Retrieved from