{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T04:42:22Z","timestamp":1771562542330,"version":"3.50.1"},"reference-count":26,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2024,12,12]],"date-time":"2024-12-12T00:00:00Z","timestamp":1733961600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,12,12]],"date-time":"2024-12-12T00:00:00Z","timestamp":1733961600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"name":"Agencia Estatal de Investigaci\u00f3n,Spain","award":["PID2020-112540RB-C44"],"award-info":[{"award-number":["PID2020-112540RB-C44"]}]},{"name":"Agencia Estatal de Investigaci\u00f3n,Spain","award":["PID2020-112540RB-C44"],"award-info":[{"award-number":["PID2020-112540RB-C44"]}]},{"name":"Agencia Estatal de Investigaci\u00f3n,Spain","award":["TED2021-130355B-C32"],"award-info":[{"award-number":["TED2021-130355B-C32"]}]},{"name":"Agencia Estatal de Investigaci\u00f3n,Spain","award":["PID2020-112540RB-C44"],"award-info":[{"award-number":["PID2020-112540RB-C44"]}]},{"DOI":"10.13039\/501100004837","name":"Ministerio de Ciencia e Innovaci\u00f3n","doi-asserted-by":"publisher","award":["PID2020-112540RB-C44"],"award-info":[{"award-number":["PID2020-112540RB-C44"]}],"id":[{"id":"10.13039\/501100004837","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004837","name":"Ministerio de Ciencia e Innovaci\u00f3n","doi-asserted-by":"publisher","award":["PID2020-112540RB-C44"],"award-info":[{"award-number":["PID2020-112540RB-C44"]}],"id":[{"id":"10.13039\/501100004837","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004837","name":"Ministerio de Ciencia e Innovaci\u00f3n","doi-asserted-by":"publisher","award":["TED2021-130355B-C32"],"award-info":[{"award-number":["TED2021-130355B-C32"]}],"id":[{"id":"10.13039\/501100004837","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004837","name":"Ministerio de Ciencia e Innovaci\u00f3n","doi-asserted-by":"publisher","award":["PID2020-112540RB-C44"],"award-info":[{"award-number":["PID2020-112540RB-C44"]}],"id":[{"id":"10.13039\/501100004837","id-type":"DOI","asserted-by":"publisher"}]},{"name":"NextGenerationUE\/Fondos PRTR","award":["TED2021-130355B-C32"],"award-info":[{"award-number":["TED2021-130355B-C32"]}]},{"name":"NextGenerationUE\/Fondos PRTR","award":["TED2021-130355B-C32"],"award-info":[{"award-number":["TED2021-130355B-C32"]}]},{"name":"NextGenerationUE\/Fondos PRTR","award":["TED2021-130355B-C32"],"award-info":[{"award-number":["TED2021-130355B-C32"]}]},{"name":"NextGenerationUE\/Fondos PRTR","award":["TED2021-130355B-C32"],"award-info":[{"award-number":["TED2021-130355B-C32"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2025,2]]},"DOI":"10.1007\/s10207-024-00952-7","type":"journal-article","created":{"date-parts":[[2024,12,12]],"date-time":"2024-12-12T16:22:55Z","timestamp":1734020575000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Business process models and simulation to enable GDPR compliance"],"prefix":"10.1007","volume":"24","author":[{"given":"\u00c1ngel Jes\u00fas","family":"Varela-Vaca","sequence":"first","affiliation":[]},{"given":"Mar\u00eda Teresa","family":"G\u00f3mez-L\u00f3pez","sequence":"additional","affiliation":[]},{"given":"Yolanda","family":"Morales Zamora","sequence":"additional","affiliation":[]},{"given":"Rafael","family":"M. Gasca","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,12,12]]},"reference":[{"key":"952_CR1","doi-asserted-by":"publisher","first-page":"10","DOI":"10.1007\/978-3-030-21297-1_2","volume-title":"Information Systems Engineering in Responsible Information Systems","author":"S Agostinelli","year":"2019","unstructured":"Agostinelli, S., Maggi, F.M., Marrella, A., Sapio, F.: Achieving GDPR compliance of BPMN process models. In: Cappiello, C., Ruiz, M. (eds.) Information Systems Engineering in Responsible Information Systems, pp. 10\u201322. Springer International Publishing, Cham (2019)"},{"key":"952_CR2","doi-asserted-by":"publisher","unstructured":"Bonatti, P.A., Kirrane, S., Petrova, I.M., Sauro, L.: Machine understandable policies and gdpr compliance checking. Gesellschaft f\u00fcr Informatik e.V. and Springer-Verlag GmbH Germany, part of Springer Nature (2020). https:\/\/doi.org\/10.1007\/s13218-020-00677-4","DOI":"10.1007\/s13218-020-00677-4"},{"key":"952_CR3","unstructured":"Brocke, J., Mendling, J., Rosemann, M.: Business Process Management Cases Vol. 2: Digital Transformation - Strategy, Processes and Execution. Springer Berlin Heidelberg (2021). https:\/\/books.google.es\/books?id=zs47EAAAQBAJ"},{"key":"952_CR4","doi-asserted-by":"publisher","unstructured":"Chapela-Campa, D., Benchekroun, I., Baron, O., Dumas, M., Krass, D., Senderovich, A.: Can I trust my simulation model? measuring the quality of business process simulation models. CoRR arXiv:2303.17463 (2023). https:\/\/doi.org\/10.48550\/arXiv.2303.17463","DOI":"10.48550\/arXiv.2303.17463"},{"issue":"4","key":"952_CR5","first-page":"30","volume":"3","author":"M da Concei\u00e7\u00e3o Freitas","year":"2018","unstructured":"da Concei\u00e7\u00e3o Freitas, M., da Silva, M.M.: GDPR compliance in SMEs: there is much to be done. J. Inf. Syst. Eng. Manag. 3(4), 30 (2018)","journal-title":"J. Inf. Syst. Eng. Manag."},{"key":"952_CR6","unstructured":"Cotino\u00a0Hueso, L.: Gu\u00eda de Protecci\u00f3n de Datos en IA y Espacios de Datos (2021)"},{"key":"952_CR7","doi-asserted-by":"crossref","unstructured":"Damiano Torre. Mauricio\u00a0Alferez, G.S., Sabetzadeh, M., Briand, L.: Modeling data protection and privacy: application and experience with GDPR. Software and Systems Modeling (2021). https:\/\/link.springer.com\/article\/10.1007\/s10270-021-00935-5","DOI":"10.1007\/s10270-021-00935-5"},{"key":"952_CR8","doi-asserted-by":"crossref","unstructured":"Dumas, M., Rosa, M.L., Mendling, J., Reijers, H.A.: Fundamentals of Business Process Management. Springer-Verlag GmbH Germany, part of Springer Nature (2013) (2nd edn 2018). https:\/\/doi.org\/10.1007\/978-3-662-56509-4","DOI":"10.1007\/978-3-642-33143-5"},{"issue":"6","key":"952_CR9","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1016\/S1361-3723(18)30055-1","volume":"2018","author":"J Garber","year":"2018","unstructured":"Garber, J.: GDPR - compliance nightmare or business opportunity? Comput. Fraud Secur. 2018(6), 14\u201315 (2018)","journal-title":"Comput. Fraud Secur."},{"key":"952_CR10","unstructured":"Hoepman, J.H.: Privacy design strategies. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) ICT Systems Security and Privacy Protection, pp. 446\u2013459. Springer, Berlin Heidelberg, Berlin, Heidelberg (2014)"},{"key":"952_CR11","doi-asserted-by":"publisher","first-page":"255","DOI":"10.1007\/978-3-642-14192-8_23","volume-title":"Requirements Engineering: Foundation for Software Quality","author":"S Islam","year":"2010","unstructured":"Islam, S., Mouratidis, H., Wagner, S.: Towards a framework to elicit and manage security and privacy requirements from laws and regulations. In: Wieringa, R., Persson, A. (eds.) Requirements Engineering: Foundation for Software Quality, pp. 255\u2013261. Springer, Berlin Heidelberg, Berlin, Heidelberg (2010)"},{"key":"952_CR12","doi-asserted-by":"publisher","unstructured":"L\u00f3pez-Pintado, O., Dumas, M.: Business process simulation with differentiated resources: Does it make a difference? In: C.D. Ciccio, R.M. Dijkman, A.\u00a0del-R\u00edo-Ortega, S.\u00a0Rinderle-Ma (eds.) Business Process Management - 20th International Conference, BPM 2022, M\u00fcnster, Germany, September 11-16, 2022, Proceedings, Lecture Notes in Computer Science, (13420), 361\u2013378. Springer (2022). https:\/\/doi.org\/10.1007\/978-3-031-16103-2_24","DOI":"10.1007\/978-3-031-16103-2_24"},{"key":"952_CR13","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1007\/978-3-030-58135-0_9","volume-title":"Advanced Information Systems Engineering","author":"R Matulevi\u010dius","year":"2020","unstructured":"Matulevi\u010dius, R., Tom, J., Kala, K., Sing, E.: A method for managing GDPR compliance in business processes. In: Herbaut, N., La Rosa, M. (eds.) Advanced Information Systems Engineering, pp. 100\u2013112. Springer International Publishing, Cham (2020)"},{"key":"952_CR14","unstructured":"OMG: Business process model and notation (2017). http:\/\/www.omg.org\/spec\/BPMN\/2.0"},{"issue":"7","key":"952_CR15","doi-asserted-by":"publisher","first-page":"2653","DOI":"10.1007\/S10115-019-01431-5","volume":"62","author":"JM P\u00e9rez-\u00c1lvarez","year":"2020","unstructured":"P\u00e9rez-\u00c1lvarez, J.M., G\u00f3mez-L\u00f3pez, M.T., Eshuis, R., Montali, M., Gasca, R.M.: Verifying the manipulation of data objects according to business process and data models. Knowl. Inf. Syst. 62(7), 2653\u20132683 (2020). https:\/\/doi.org\/10.1007\/S10115-019-01431-5","journal-title":"Knowl. Inf. Syst."},{"key":"952_CR16","doi-asserted-by":"crossref","unstructured":"Robol, M., Salnitri, M., Giorgini, P.: Toward GDPR-compliant socio-technical systems: Modeling language and reasoning framework. In: G.\u00a0Poels, F.\u00a0Gailly, E.\u00a0Serral\u00a0Asensio, M.\u00a0Snoeck (eds.) The Practice of Enterprise Modeling,236\u2013250. Springer International Publishing, Cham (2017)","DOI":"10.1007\/978-3-319-70241-4_16"},{"key":"952_CR17","doi-asserted-by":"publisher","unstructured":"Rosenthal, K., Ternes, B., Strecker, S.: Business process simulation on procedural graphical process models. In: Business and Information Systems Engineering, 100\u2013112 (2021). https:\/\/doi.org\/10.1007\/s12599-021-00690-3","DOI":"10.1007\/s12599-021-00690-3"},{"key":"952_CR18","unstructured":"Sing, E.: A meta-model driven method for establishing business process compliance to GDPR. Master\u2019s thesis, University of Tartu (2018). https:\/\/core.ac.uk\/reader\/237084810"},{"issue":"4","key":"952_CR19","doi-asserted-by":"publisher","first-page":"402","DOI":"10.1108\/dprg-01-2019-0007","volume":"21","author":"GA Teixeira","year":"2019","unstructured":"Teixeira, G.A., da Silva, M.M., Pereira, R.: The critical success factors of GDPR implementation: a systematic literature review. Digital Policy, Regulat. Govern. 21(4), 402\u2013418 (2019). https:\/\/doi.org\/10.1108\/dprg-01-2019-0007","journal-title":"Digital Policy, Regulat. Govern."},{"key":"952_CR20","unstructured":"THE EUROPEAN DATA PROTECTION BOARD: Guidelines 9\/2022 on personal data breach notification under GDPR (2022). https:\/\/edpb.europa.eu\/our-work-tools\/documents\/public-consultations\/2022\/guidelines-92022-personal-data-breach_en"},{"key":"952_CR21","unstructured":"THE EUROPEAN PARLIAMENT AND THE COUNCIL OF THE EUROPEAN UNION: Regulation (EU) 2016\/679 of the european parliament and of the council of 27 april 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95\/46\/ec (2016). http:\/\/data.europa.eu\/eli\/reg\/2016\/679\/oj"},{"key":"952_CR22","doi-asserted-by":"crossref","unstructured":"Tom, J., Sing, E., Matulevi\u010dius, R.: Conceptual representation of the GDPR: Model and application directions. In: J.\u00a0Zdravkovic, J.\u00a0Grabis, S.\u00a0Nurcan, J.\u00a0Stirna (eds.) Perspectives in Business Informatics Research, pp. 18\u201328. Springer International Publishing, Cham (2018). https:\/\/link.springer.com\/chapter\/10.1007\/978-3-319-99951-7_2","DOI":"10.1007\/978-3-319-99951-7_2"},{"key":"952_CR23","doi-asserted-by":"publisher","unstructured":"Torre, D., Soltana, G., Sabetzadeh, M., Briand, L.C., Auffinger, Y., Goes, P.: Using models to enable compliance checking against the GDPR: An experience report. In: 2019 ACM\/IEEE 22nd International Conference on Model Driven Engineering Languages and Systems (MODELS),1\u201311 (2019). https:\/\/doi.org\/10.1109\/MODELS.2019.00-20","DOI":"10.1109\/MODELS.2019.00-20"},{"key":"952_CR24","unstructured":"Weske, M.: Business Process Management - Concepts, Languages, Architectures, 2nd Edition. Springer (2012)"},{"key":"952_CR25","doi-asserted-by":"publisher","first-page":"81608","DOI":"10.1109\/ACCESS.2024.3406724","volume":"12","author":"NA Zaguir","year":"2024","unstructured":"Zaguir, N.A., de Magalh\u00e3es, G.H., de Mesquita Spinola, M.: Challenges and enablers for gdpr compliance: systematic literature review and future research directions. IEEE Access 12, 81608\u201381630 (2024). https:\/\/doi.org\/10.1109\/ACCESS.2024.3406724","journal-title":"IEEE Access"},{"key":"952_CR26","doi-asserted-by":"publisher","first-page":"104","DOI":"10.1016\/j.future.2023.03.021","volume":"145","author":"C Zhou","year":"2023","unstructured":"Zhou, C., Barati, M., Shafiq, O.: A compliance-based architecture for supporting GDPR accountability in cloud computing. Future Generation Comput. Syst. 145, 104\u2013120 (2023). https:\/\/doi.org\/10.1016\/j.future.2023.03.021","journal-title":"Future Generation Comput. Syst."}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00952-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-024-00952-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-024-00952-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,12]],"date-time":"2025-02-12T05:16:34Z","timestamp":1739337394000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-024-00952-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,12]]},"references-count":26,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,2]]}},"alternative-id":["952"],"URL":"https:\/\/doi.org\/10.1007\/s10207-024-00952-7","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,12]]},"assertion":[{"value":"12 December 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors have no Conflict of interest to declare.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interest"}}],"article-number":"41"}}