RESEARCH ON ERROR PROBABILITY ASSESSMENT IN USER PERSONAL DATA PROCESSING IN GDPR-COMPLIANT BUSINESS PROCESS MODELS
DOI:
https://doi.org/10.20998/2079-0023.2024.01.05
Keywords:
business process GDPR compliance, personal data leakage prevention, BPMN business process model analysis, business process model error probability analysis, personal data protection in business processes
Abstract
The only right strategy for businesses and government organizations in Ukraine and other countries that may face aggression is to recognize themselves as a potential target for cyberattacks by the aggressor (both by its government agencies and related cybercriminal groups) and take appropriate measures in accordance with the European Union’s General Data Protection Regulation (GDPR). The main purpose of the GDPR is to regulate the rights to personal data protection and to protect EU citizens from data leaks and breaches of confidentiality, which is especially important in today’s digital world, where the processing and exchange of personal data are integral parts of almost every business process. Therefore, the GDPR encourages organizations to transform their day-to-day business processes that are involved in managing, storing, and sharing customers’ personal data during execution. Thus, business process models created in accordance with the GDPR regulations must be of high quality, just like any other business process models, and the probability of errors in them must be minimal. This is especially important with regard to the observance of human rights to personal data protection, since low-quality models can become sources of errors, which, in turn, can lead to a breach of confidentiality and data leakage of business process participants. This paper analyzes recent research and publications, proposes a method for analyzing business process models that ensure compliance with the GDPR regulations, and tests its performance based on the analysis of BPMN models of business processes for obtaining consent to data processing and withdrawal of consent to user data processing. 
As a result, the probability of errors in the considered business process models was obtained, which suggests the possibility of confidentiality violations and data leaks of the participants of the considered business processes associated with these errors, and appropriate recommendations were made.
License
This work is licensed under a Creative Commons Attribution 4.0 International License.