Process mining meets GDPR compliance: the right to be forgotten as a use case

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

1 Citation (Scopus)
105 Downloads (Pure)

Abstract

In a bid to ensure privacy of personal data of data subjects, the General Data Protection Regulation(GDPR) entails stringent obligations on organizations and businesses qualifying as data controllers and data processors. The regulation additionally bestow data subjects certain rights over their personal data, right to be forgotten generally being perceived the landmark. Fulfilling the GDPR’s obligatory requirements and provisioning of the data subject’s rights implicates considerable changes to the existing (pre-GDPR era) business and organizational processes. Being a non-trivial task, several technical as well as procedural challenges are associated. The case for organizations having intertwined or cascaded business processes and business processes stretched over multiple organizations is even more complicated. Process mining discipline has been found highly effective in automatically discovering, conformance/compliance analysis, and enhancement of business processes, organizational workflows, healthcare procedures/guidelines to name a few. Process mining techniques therefore have a great potential to assist and guide the transformation of pre-GDPR era (presumably GDPR non-compliant) business or organizational processes into GDPR-compliant processes, and afterwards monitor the compliance during execution. In addition to the current state of the art offline process mining techniques, stable online conformance checking and online model repair techniques needs to be developed for ensuring compliance to the regulation. We are highlighting the challenges associated with implementation of the right to be forgotten, and the GDPR in general.

Original languageEnglish
Title of host publicationICPM Doctoral Consortium 2019
Subtitle of host publicationProceedings of the ICPM 2019 Doctoral Consortium co-located with 1st International Conference on Process Mining (ICPM 2019)
EditorsBoudewijn van Dongen, Jan Claes
PublisherCEUR-WS.org
Chapter6
Number of pages9
Publication statusPublished - 1 Jan 2019
Event1st International Conference on Process Mining, ICPM 2019 - Aachen, Germany
Duration: 24 Jun 201926 Jun 2019

Publication series

NameCEUR Workshop Proceedings
Volume2432
ISSN (Print)1613-0073

Conference

Conference1st International Conference on Process Mining, ICPM 2019
Country/TerritoryGermany
CityAachen
Period24/06/1926/06/19

Keywords

  • Business processes
  • Compliance
  • Conformance
  • GDPR
  • Right to be forgotten

Fingerprint

Dive into the research topics of 'Process mining meets GDPR compliance: the right to be forgotten as a use case'. Together they form a unique fingerprint.

Cite this