Integrating GDPR in business process modeling
Calabro' A.; Marchetti E.
2018
Abstract
The massive amounts of data circulating in modern IT systems entail great benefits but also high responsibility, especially concerning the ownership and the management of the information. These problems become increasingly critical due to the fact that most services are nowadays structured as multiple layers of cloud computing, thus increasing the flow of information between different service providers. An especially relevant limitation in this moment is introduced by the GDPR, which strengthens the duties and responsibilities of the processing of personal data. In this context, the research and industrial environments are struggling to identify practical approaches to highlight the (new) duties of controllers of personal data and foster the transition of IT-based systems, services, tools to comply with the GDPR. In this paper, we present a solution for enhancing the modelling of business processes with facilities to help evaluate the compliance with the GDPR. In particular, building over a model describing the constituents of the data protection domain, composed of an ontology of data protection concepts and a machine-readable translation of the GDPR provisions, and the relationships between them, we provide the foundation for the design of data protection compliant information systems. An example of application is also provided.

| File | Size | Format |
|---|---|---|
| prod_393234-doc_135997.pdf (authorized users only). Description: Proof. Type: Other attached material. License: NOT PUBLIC - Private/restricted access | 372.63 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.


