Nake, LeonardKuehnel, StephanBauer, LauraSackmann, StefanKlein, MaikeKrupka, DanielWinter, CorneliaWohlgemuth, Volker2023-11-292023-11-292023978-3-88579-731-9https://dl.gi.de/handle/20.500.12116/43120Complying with data protection regulations is an essential duty for organizations since violating them would lead to monetary penalties from authorities. In Europe, the General Data Protection Regulation (GDPR) defines personal data and requirements for dealing with this type of data. Hence, organizations must identify business activities that deal with personal data to establish measures to fulfill these requirements. Especially for large organizations, a manual identification can be labor-intensive and error-prone. However, textual business process descriptions, such as work instructions, provide valuable insights into the data used in organizations. Therefore, we propose a first approach to automatically identify GDPR-critical tasks in textual business process descriptions. More specifically, we use a supervised machine learning algorithm to automatically identify whether a task deals with personal data or not. A first evaluation of our approach with a dataset of 37 process descriptions containing 509 activities demonstrates that our approach generates satisfactory results.enLegal ComplianceGeneral Data Protection Regulation (GDPR)Business ProcessTask IdentificationText/Conference Paper10.18420/inf2023_1911617-5468