Logo des Repositoriums
 
Konferenzbeitrag

Towards Identifying GDPR-Critical Tasks in Textual Business Process Descriptions

Zusammenfassung

Complying with data protection regulations is an essential duty for organizations since violating them would lead to monetary penalties from authorities. In Europe, the General Data Protection Regulation (GDPR) defines personal data and requirements for dealing with this type of data. Hence, organizations must identify business activities that deal with personal data to establish measures to fulfill these requirements. Especially for large organizations, a manual identification can be labor-intensive and error-prone. However, textual business process descriptions, such as work instructions, provide valuable insights into the data used in organizations. Therefore, we propose a first approach to automatically identify GDPR-critical tasks in textual business process descriptions. More specifically, we use a supervised machine learning algorithm to automatically identify whether a task deals with personal data or not. A first evaluation of our approach with a dataset of 37 process descriptions containing 509 activities demonstrates that our approach generates satisfactory results.

Beschreibung

Nake, Leonard; Kuehnel, Stephan; Bauer, Laura; Sackmann, Stefan (2023): Towards Identifying GDPR-Critical Tasks in Textual Business Process Descriptions. INFORMATIK 2023 - Designing Futures: Zukünfte gestalten. DOI: 10.18420/inf2023_191. Bonn: Gesellschaft für Informatik e.V.. PISSN: 1617-5468. ISBN: 978-3-88579-731-9. pp. 1895-1908. Wirtschaft, Management Industrie - Workshop zum Stand, den Herausforderungen und Impulsen des Geschäftsprozessmanagements (ZuGPM 2023). Berlin. 26.-29. September 2023

Zitierform

Tags