Data Minimisation as Privacy and Trust Instrument in Business Processes

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

71 Downloads (Pure)


Data is vital for almost all sorts of business processes and workflows. However, the possession of personal data of other beings bear consequences. Data is prone to abuses through the exposure to adversaries in case of data breaches or insider’s illegitimate access and processing, hence adding to customer distrust. The data minimisation principle of the General Data Protection Regulation (GDPR), as a proactive approach, requires the collection of personal data to be limited to what is necessary for the legitimate processing purpose(s). Data degradation advocates for periodic inter-process data minimisation in a multi-process environment. In this context, we are proposing intra-process data degradation as a continuous data minimisation function during the process life. In our solution, the granularity or the information level of the process data is reduced at suitable instances in the process life to the minimum sufficient level for a successful completion of the remaining process. We devise three effective data degradation policies to realise and guide intra-process data degradation in business processes. We show through a proof-of-concept implementation the applicability of the introduced concept and the effectiveness of one of the policies. Our proposed approach intrinsically reduces privacy infringement damages which contribute to end-users trust in the processes.

Original languageEnglish
Title of host publicationBusiness Process Management Workshops - BPM 2020 International Workshops, 2020, Revised Selected Papers
EditorsAdela Del Río Ortega, Henrik Leopold, Flávia Maria Santoro
Number of pages13
ISBN (Print)9783030664978
Publication statusPublished - 2020
Event18th International Conference on Business Process Management (BPM 2020) : Workshop BPM in the era of Digital Innovation and Transformation - fully virtual conference, Sevilla, Spain
Duration: 13 Sept 202018 Sept 2020
Conference number: 18

Publication series

NameLecture Notes in Business Information Processing
ISSN (Print)1865-1348
ISSN (Electronic)1865-1356


Conference18th International Conference on Business Process Management (BPM 2020)
Abbreviated titleBPM 2020
Internet address


  • Business intelligence
  • Data minimisation
  • Data degradation
  • General Data Protection Regulation
  • Intra-process data degradation


Dive into the research topics of 'Data Minimisation as Privacy and Trust Instrument in Business Processes'. Together they form a unique fingerprint.

Cite this