论文信息 - Managing Consent in Workflows under GDPR

Managing Consent in Workflows under GDPR

The European Union General Data Protection Regulation (GDPR) defines the principles to be met by organizations when processing personal data in order to guarantee data privacy. According to GDPR, consent is required for establishing a legal basis for processing personal data, if there are no other legal grounds for the processing. Besides any identifiable “natural” person, also known as data subject, has the right to withdraw the given consent to process his or her personal data at any time. It is the organization’s responsibility to ensure consent and its revocation to demonstrate its compliance with GDPR. With respect to GDPR compliance, organizations can benefit from workflows as they might be used to ensure that consent is obtained before processing personal data. This paper addresses how to enable organizations to manage consent and revocation through their workflows.

Johann-Christoph Freytag | Saliha Irem Besik | J. Freytag

[1] Nils Gruschka,et al. Aligning User Consent Management and Service Process Modeling , 2014, GI-Jahrestagung.

[2] Siani Pearson,et al. Setting the Context , 2019, Third Language Acquisition and Linguistic Transfer.

[3] Mario Piattini,et al. A BPMN Extension for the Modeling of Security Requirements in Business Processes , 2007, IEICE Trans. Inf. Syst..

[4] Sadie Creese,et al. Reaching for Informed Revocation: Shutting Off the Tap on Personal Data , 2009, PrimeLife.

[5] Sadie Creese,et al. A Conceptual Model for Privacy Policies with Consent and Revocation Requirements , 2010, PrimeLife.

[6] Fabrizio Maria Maggi,et al. Achieving GDPR Compliance of BPMN Process Models , 2019, CAiSE Forum.

[7] Johann-Christoph Freytag,et al. A formal approach to build privacy-awareness into clinical workflows , 2019, SICS Software-Intensive Cyber-Physical Systems.

[8] Nikolay Mehandjiev,et al. Modeling of privacy-aware business processes in BPMN to protect personal data , 2014, SAC.

[9] Johann-Christoph Freytag,et al. Ontology-Based Privacy Compliance Checking for Clinical Workflows , 2019, Lernen, Wissen, Daten, Analysen.