BPML Tool for GPRD Compliance Checking

06/28/2019

In recent years we have been watching our privacy becoming at risk in mass data collection, analysis, processing and storing: all made possible by social networks and due to a large availability of digital services. As a result, countries are reforming their legal acts on data protection, so that individuals may keep their privacy while maintaining their access to the usual online services. Leading the reform, the new European General Data Protection Regulation (GDPR) calls for some stiffer rules on data protection for all personal data on European citizens. Organizations need a tool that allows them to assure their processing is compliant and current monitoring applications are not data privacy driven besides lacking automated auditing methods. This dissertation proposes the use of a business process intrusion detection tool to monitor data protection concerns over an organization processes, in a manner that allows for compliance verification. The use of business process modeling languages helps organizations to specify their processes that handle personal data and BP-IDS, a Business Process Intrusion Detection System, introduces data protection concepts over those baseline processes. This approach validation is integrated within the context of the COMPACT project, partnering INOV and the Municipality of Amadora. A right to be forgotten scenario use case is implemented and the conformity to the principles of storage minimization and purpose limitation is monitored.

Authors in the community:

• 

  R

  Rodrigo de Bragança Santa Clara Reis

  ist178385

Supervisors of this institution:

• 

  C

  Carlos Nuno da Cruz Ribeiro

  ist13499

electrical-engineering-electronic-engineering-information-engineering - Electrical engineering, electronic engineering, information engineering

eng - English

Instituto Superior Técnico