BPML Tool for GPRD Compliance Checking

Rodrigo de Bragança Santa Clara Reis

Informações chave

Autores:

Rodrigo de Bragança Santa Clara Reis (Rodrigo de Bragança Santa Clara Reis)

Orientadores:

Nelson Escravana; Carlos Nuno da Cruz Ribeiro (Carlos Nuno da Cruz Ribeiro)

Publicado em

28/06/2019

Resumo

In recent years we have been watching our privacy becoming at risk in mass data collection, analysis, processing and storing: all made possible by social networks and due to a large availability of digital services. As a result, countries are reforming their legal acts on data protection, so that individuals may keep their privacy while maintaining their access to the usual online services. Leading the reform, the new European General Data Protection Regulation (GDPR) calls for some stiffer rules on data protection for all personal data on European citizens. Organizations need a tool that allows them to assure their processing is compliant and current monitoring applications are not data privacy driven besides lacking automated auditing methods. This dissertation proposes the use of a business process intrusion detection tool to monitor data protection concerns over an organization processes, in a manner that allows for compliance verification. The use of business process modeling languages helps organizations to specify their processes that handle personal data and BP-IDS, a Business Process Intrusion Detection System, introduces data protection concepts over those baseline processes. This approach validation is integrated within the context of the COMPACT project, partnering INOV and the Municipality of Amadora. A right to be forgotten scenario use case is implemented and the conformity to the principles of storage minimization and purpose limitation is monitored.