A Method for Managing GDPR Compliance in Business Processes

Organisational compliance with the General Data Protection Regulation (GDPR) is a challenging task. In this paper, we present a GDPR model and its supporting method to manage compliance to the regulation in business processes. Based on a running example, we illustrate how the method is applied to extract an as-is compliance model that describes non-compliance issues and offers solutions to achieve process compliance. The GDPR model and its method are supported by a software tool. Their feasibility and validity are studied in a few business-oriented cases. The paper also discusses the model completeness with respect to the regulation.