Process mining meets GDPR compliance: the right to be forgotten as a use case

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

11 Downloads (Pure)

Uittreksel

In a bid to ensure privacy of personal data of data subjects, the General Data Protection Regulation(GDPR) entails stringent obligations on organizations and businesses qualifying as data controllers and data processors. The regulation additionally bestow data subjects certain rights over their personal data, right to be forgotten generally being perceived the landmark. Fulfilling the GDPR’s obligatory requirements and provisioning of the data subject’s rights implicates considerable changes to the existing (pre-GDPR era) business and organizational processes. Being a non-trivial task, several technical as well as procedural challenges are associated. The case for organizations having intertwined or cascaded business processes and business processes stretched over multiple organizations is even more complicated. Process mining discipline has been found highly effective in automatically discovering, conformance/compliance analysis, and enhancement of business processes, organizational workflows, healthcare procedures/guidelines to name a few. Process mining techniques therefore have a great potential to assist and guide the transformation of pre-GDPR era (presumably GDPR non-compliant) business or organizational processes into GDPR-compliant processes, and afterwards monitor the compliance during execution. In addition to the current state of the art offline process mining techniques, stable online conformance checking and online model repair techniques needs to be developed for ensuring compliance to the regulation. We are highlighting the challenges associated with implementation of the right to be forgotten, and the GDPR in general.

Originele taal-2Engels
TitelICPM Doctoral Consortium 2019
SubtitelProceedings of the ICPM 2019 Doctoral Consortium co-located with 1st International Conference on Process Mining (ICPM 2019)
RedacteurenBoudewijn van Dongen, Jan Claes
UitgeverijCEUR-WS.org
Hoofdstuk6
Aantal pagina's9
StatusGepubliceerd - 1 jan 2019
Evenement2019 International Conference on Process Mining Doctoral Consortium, ICPM-DC 2019 - Aachen, Duitsland
Duur: 23 jun 201923 jun 2019

Publicatie series

NaamCEUR Workshop Proceedings
Volume2432
ISSN van geprinte versie1613-0073

Congres

Congres2019 International Conference on Process Mining Doctoral Consortium, ICPM-DC 2019
LandDuitsland
StadAachen
Periode23/06/1923/06/19

Vingerafdruk

Data privacy
Industry
Compliance
Repair
Controllers

Citeer dit

Zaman, R., & Hassani, M. (2019). Process mining meets GDPR compliance: the right to be forgotten as a use case. In B. van Dongen, & J. Claes (editors), ICPM Doctoral Consortium 2019: Proceedings of the ICPM 2019 Doctoral Consortium co-located with 1st International Conference on Process Mining (ICPM 2019) (CEUR Workshop Proceedings; Vol. 2432). CEUR-WS.org.
Zaman, Rashid ; Hassani, Marwan. / Process mining meets GDPR compliance : the right to be forgotten as a use case. ICPM Doctoral Consortium 2019: Proceedings of the ICPM 2019 Doctoral Consortium co-located with 1st International Conference on Process Mining (ICPM 2019). redacteur / Boudewijn van Dongen ; Jan Claes. CEUR-WS.org, 2019. (CEUR Workshop Proceedings).
@inproceedings{d3961b5f216e47b096b6328c88d51854,
title = "Process mining meets GDPR compliance: the right to be forgotten as a use case",
abstract = "In a bid to ensure privacy of personal data of data subjects, the General Data Protection Regulation(GDPR) entails stringent obligations on organizations and businesses qualifying as data controllers and data processors. The regulation additionally bestow data subjects certain rights over their personal data, right to be forgotten generally being perceived the landmark. Fulfilling the GDPR’s obligatory requirements and provisioning of the data subject’s rights implicates considerable changes to the existing (pre-GDPR era) business and organizational processes. Being a non-trivial task, several technical as well as procedural challenges are associated. The case for organizations having intertwined or cascaded business processes and business processes stretched over multiple organizations is even more complicated. Process mining discipline has been found highly effective in automatically discovering, conformance/compliance analysis, and enhancement of business processes, organizational workflows, healthcare procedures/guidelines to name a few. Process mining techniques therefore have a great potential to assist and guide the transformation of pre-GDPR era (presumably GDPR non-compliant) business or organizational processes into GDPR-compliant processes, and afterwards monitor the compliance during execution. In addition to the current state of the art offline process mining techniques, stable online conformance checking and online model repair techniques needs to be developed for ensuring compliance to the regulation. We are highlighting the challenges associated with implementation of the right to be forgotten, and the GDPR in general.",
keywords = "Business processes, Compliance, Conformance, GDPR, Right to be forgotten",
author = "Rashid Zaman and Marwan Hassani",
year = "2019",
month = "1",
day = "1",
language = "English",
series = "CEUR Workshop Proceedings",
publisher = "CEUR-WS.org",
editor = "{van Dongen}, Boudewijn and Jan Claes",
booktitle = "ICPM Doctoral Consortium 2019",

}

Zaman, R & Hassani, M 2019, Process mining meets GDPR compliance: the right to be forgotten as a use case. in B van Dongen & J Claes (redactie), ICPM Doctoral Consortium 2019: Proceedings of the ICPM 2019 Doctoral Consortium co-located with 1st International Conference on Process Mining (ICPM 2019). CEUR Workshop Proceedings, vol. 2432, CEUR-WS.org, 2019 International Conference on Process Mining Doctoral Consortium, ICPM-DC 2019, Aachen, Duitsland, 23/06/19.

Process mining meets GDPR compliance : the right to be forgotten as a use case. / Zaman, Rashid; Hassani, Marwan.

ICPM Doctoral Consortium 2019: Proceedings of the ICPM 2019 Doctoral Consortium co-located with 1st International Conference on Process Mining (ICPM 2019). redactie / Boudewijn van Dongen; Jan Claes. CEUR-WS.org, 2019. (CEUR Workshop Proceedings; Vol. 2432).

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/CongresprocedureConferentiebijdrageAcademicpeer review

TY - GEN

T1 - Process mining meets GDPR compliance

T2 - the right to be forgotten as a use case

AU - Zaman, Rashid

AU - Hassani, Marwan

PY - 2019/1/1

Y1 - 2019/1/1

N2 - In a bid to ensure privacy of personal data of data subjects, the General Data Protection Regulation(GDPR) entails stringent obligations on organizations and businesses qualifying as data controllers and data processors. The regulation additionally bestow data subjects certain rights over their personal data, right to be forgotten generally being perceived the landmark. Fulfilling the GDPR’s obligatory requirements and provisioning of the data subject’s rights implicates considerable changes to the existing (pre-GDPR era) business and organizational processes. Being a non-trivial task, several technical as well as procedural challenges are associated. The case for organizations having intertwined or cascaded business processes and business processes stretched over multiple organizations is even more complicated. Process mining discipline has been found highly effective in automatically discovering, conformance/compliance analysis, and enhancement of business processes, organizational workflows, healthcare procedures/guidelines to name a few. Process mining techniques therefore have a great potential to assist and guide the transformation of pre-GDPR era (presumably GDPR non-compliant) business or organizational processes into GDPR-compliant processes, and afterwards monitor the compliance during execution. In addition to the current state of the art offline process mining techniques, stable online conformance checking and online model repair techniques needs to be developed for ensuring compliance to the regulation. We are highlighting the challenges associated with implementation of the right to be forgotten, and the GDPR in general.

AB - In a bid to ensure privacy of personal data of data subjects, the General Data Protection Regulation(GDPR) entails stringent obligations on organizations and businesses qualifying as data controllers and data processors. The regulation additionally bestow data subjects certain rights over their personal data, right to be forgotten generally being perceived the landmark. Fulfilling the GDPR’s obligatory requirements and provisioning of the data subject’s rights implicates considerable changes to the existing (pre-GDPR era) business and organizational processes. Being a non-trivial task, several technical as well as procedural challenges are associated. The case for organizations having intertwined or cascaded business processes and business processes stretched over multiple organizations is even more complicated. Process mining discipline has been found highly effective in automatically discovering, conformance/compliance analysis, and enhancement of business processes, organizational workflows, healthcare procedures/guidelines to name a few. Process mining techniques therefore have a great potential to assist and guide the transformation of pre-GDPR era (presumably GDPR non-compliant) business or organizational processes into GDPR-compliant processes, and afterwards monitor the compliance during execution. In addition to the current state of the art offline process mining techniques, stable online conformance checking and online model repair techniques needs to be developed for ensuring compliance to the regulation. We are highlighting the challenges associated with implementation of the right to be forgotten, and the GDPR in general.

KW - Business processes

KW - Compliance

KW - Conformance

KW - GDPR

KW - Right to be forgotten

UR - http://www.scopus.com/inward/record.url?scp=85071764645&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:85071764645

T3 - CEUR Workshop Proceedings

BT - ICPM Doctoral Consortium 2019

A2 - van Dongen, Boudewijn

A2 - Claes, Jan

PB - CEUR-WS.org

ER -

Zaman R, Hassani M. Process mining meets GDPR compliance: the right to be forgotten as a use case. In van Dongen B, Claes J, redacteurs, ICPM Doctoral Consortium 2019: Proceedings of the ICPM 2019 Doctoral Consortium co-located with 1st International Conference on Process Mining (ICPM 2019). CEUR-WS.org. 2019. (CEUR Workshop Proceedings).