{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,18]],"date-time":"2026-01-18T20:10:27Z","timestamp":1768767027420,"version":"3.49.0"},"reference-count":37,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2020,6,21]],"date-time":"2020-06-21T00:00:00Z","timestamp":1592697600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2020,6,21]],"date-time":"2020-06-21T00:00:00Z","timestamp":1592697600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100007601","name":"Horizon 2020","doi-asserted-by":"publisher","award":["787149"],"award-info":[{"award-number":["787149"]}],"id":[{"id":"10.13039\/501100007601","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100007601","name":"Horizon 2020","doi-asserted-by":"publisher","award":["787149"],"award-info":[{"award-number":["787149"]}],"id":[{"id":"10.13039\/501100007601","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SN COMPUT. SCI."],"published-print":{"date-parts":[[2020,7]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>The collection and long-term retention of excessive data enables organisations to process data for insights in non-primary processes. The discovery of insights is promoted to be useful both for organisations and the customers. However, long-term possession of data on one hand risks the privacy of data belonging beings in cases of data breaches and on the other hand results in the customers distrust. General Data Protection Regulation (GDPR) abstractly defined the data processing boundaries of the personal data of European Union\u2019s citizens. The <jats:italic>processing principles<\/jats:italic> of GDPR, in line with the spirit of <jats:italic>privacy by design and default<\/jats:italic>, provide directions on the collection, storage, and processing of personal data. Concomitantly, the data subject rights provide customers with necessary control over their personal data stationed at\u00a0the data controller\u2019s premises. The <jats:italic>accountability<\/jats:italic> principle of GDPR requires compliance in place and also the ability to demonstrate it. In this work, we are providing three solutions to enable GDPR compliance in business processes. First, we are proposing intra-process data degradation, a solution for continuous data minimisation during the course of business processes. The proposed approach results in reduced data maintenance and breach losses. Second, we adapt process mining techniques for ascertaining compliance of business process execution to data subject rights. Finally, we present a scheme to utilise differential privacy technique to enable GDPR-compliant business process discovery. Additionally, we offer links to two effective tools that demonstrate our first and second contributions.<\/jats:p>","DOI":"10.1007\/s42979-020-00215-x","type":"journal-article","created":{"date-parts":[[2020,6,21]],"date-time":"2020-06-21T15:02:30Z","timestamp":1592751750000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":14,"title":["On Enabling GDPR Compliance in Business Processes Through Data-Driven Solutions"],"prefix":"10.1007","volume":"1","author":[{"given":"Rashid","family":"Zaman","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4027-4351","authenticated-orcid":false,"given":"Marwan","family":"Hassani","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,6,21]]},"reference":[{"key":"215_CR1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-49851-4","volume-title":"Process mining: data science in action","author":"WMP van der Aalst","year":"2016","unstructured":"van der Aalst WMP. Process mining: data science in action. 2nd ed. Berlin: Springer; 2016. https:\/\/doi.org\/10.1007\/978-3-662-49851-4.","edition":"2"},{"key":"215_CR2","doi-asserted-by":"crossref","unstructured":"Antignac T, Le M\u00e9tayer D. Trust driven strategies for privacy by design. In: IFIP international conference on trust management, IFIPTM 2015. Cham: Springer; 2015, pp. 60\u201375.","DOI":"10.1007\/978-3-319-18491-3_5"},{"key":"215_CR3","unstructured":"Anciaux N, Nguyen B, Vazirgiannis M. Miminum exposure in classification scenarios; 2011."},{"issue":"2","key":"215_CR4","doi-asserted-by":"publisher","first-page":"219","DOI":"10.3233\/FI-2015-1176","volume":"137","author":"N Anciaux","year":"2015","unstructured":"Anciaux N, Boutara D, Nguyen B, Vazirgiannis M. Limiting data exposure in multi-label classification processes. Fundamenta Informaticae. 2015;137(2):219\u201336.","journal-title":"Fundamenta Informaticae"},{"key":"215_CR5","doi-asserted-by":"crossref","unstructured":"Anciaux N, Nguyen B, Vazirgiannis M. Limiting data collection in application forms: a real-case application of a founding privacy principle. In: 2012 tenth annual international conference on privacy, security and trust, PST 2012. IEEE; 2012, pp. 59\u201366.","DOI":"10.1109\/PST.2012.6297920"},{"issue":"3","key":"215_CR6","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1023\/A:1008769516670","volume":"13","author":"RJ Hilderman","year":"1999","unstructured":"Hilderman RJ, Hamilton HJ, Cercone N. Data mining in large databases using domain generalization graphs. J Intell Inf Syst. 1999;13(3):195\u2013234.","journal-title":"J Intell Inf Syst"},{"key":"215_CR7","doi-asserted-by":"crossref","unstructured":"Anciaux N, Bouganim L, Van Heerde H, Pucheral P, Apers PMG. Data degradation: making private data less sensitive over time. In: Proceedings of the 17th ACM conference on information and knowledge management, CIKM 2008; 2008, pp. 1401\u20132.","DOI":"10.1145\/1458082.1458301"},{"key":"215_CR8","doi-asserted-by":"crossref","unstructured":"Anciaux N, Bouganim L, Van Heerde H, Pucheral P, Apers PMG. Instantdb: enforcing timely degradation of sensitive data. In: 2008 IEEE 24th international conference on data engineering, ICDE 2008. IEEE; 2008, pp 1373\u20135.","DOI":"10.1109\/ICDE.2008.4497560"},{"key":"215_CR9","unstructured":"Anciaux N, Bouganim L, Van Heerde H, Pucheral P, Apers P. The life-cycle policy model; 2008."},{"key":"215_CR10","unstructured":"van Heerde HJW, Anciaux NLG, Fokkinga MM, Apers PMG. Exploring personalized life cycle policies. CTIT Technical Report Series Supplement\/TR-CTIT-07-85; 2007."},{"key":"215_CR11","unstructured":"van Heerde HJW, Anciaux N. Data degradation to enhance privacy for the Ambient Intelligence. CTIT Technical Report Series 11\/06-74; 2006."},{"key":"215_CR12","unstructured":"Geambasu R, Kohno T, Levy AA, Levy HM. Vanish: increasing data privacy with self-destructing data. In: USENIX security symposium, vol. 316; 2009."},{"issue":"9","key":"215_CR13","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1109\/MC.2011.225","volume":"44","author":"S Pearson","year":"2011","unstructured":"Pearson S, Casassa-Mont M. Sticky policies: an approach for managing privacy across multiple parties. Computer. 2011;44(9):60\u20138.","journal-title":"Computer"},{"key":"215_CR14","unstructured":"Leemans SJJ, Fahland D, Van Der Aalst WMP. Process and deviation exploration with inductive visual miner. In: International conference on business process management, BPM 2014 (Demos) 1295, no. 46; 2014."},{"key":"215_CR15","doi-asserted-by":"crossref","unstructured":"Hassani M, Siccha S, Richter F, Seidl T. Efficient process discovery from event streams using sequential pattern mining. In: 2015 IEEE symposium series on computational intelligence, SSCI 2015. IEEE; 2015, pp. 1366\u201373.","DOI":"10.1109\/SSCI.2015.195"},{"key":"215_CR16","doi-asserted-by":"crossref","unstructured":"Hassani M. Concept drift detection of event streams using an adaptive window. In: 33rd international ECMS conference on modelling and simulation, ECMS 2019; 2019, pp. 230\u20139.","DOI":"10.7148\/2019-0230"},{"key":"215_CR17","doi-asserted-by":"crossref","unstructured":"Adriansyah A, van Dongen BF, van der Aalst WMP. Conformance checking using cost-based fitness analysis. In: 2011 IEEE 15th international enterprise distributed object computing conference, EDOC 2011. IEEE; 2011, pp. 55\u201364.","DOI":"10.1109\/EDOC.2011.12"},{"key":"215_CR18","doi-asserted-by":"crossref","unstructured":"Carmona J, van Dongen B, Solti A, Weidlich M. Conformance checking: relating processes and models. Springer; 2018.","DOI":"10.1007\/978-3-319-99414-7"},{"key":"215_CR19","doi-asserted-by":"crossref","unstructured":"Ramezani E, Fahland D, van der Aalst WMP. Where did I misbehave? Diagnostic information in compliance checking. In: International conference on business process management, BPM 2012. Berlin, Heidelberg: Springer; 2012, pp. 262\u201378.","DOI":"10.1007\/978-3-642-32885-5_21"},{"key":"215_CR20","doi-asserted-by":"crossref","unstructured":"Ramezani E, Fahland D, van der Aalst WMP. Supporting domain experts to select and configure precise compliance rules. In: International conference on business process management, BPM 2013, pp. 498\u2013512. Cham: Springer; 2013.","DOI":"10.1007\/978-3-319-06257-0_39"},{"key":"215_CR21","doi-asserted-by":"crossref","unstructured":"Taghiabadi ER, Gromov V, Fahland D, van der Aalst WMP. Compliance checking of data-aware and resource-aware compliance requirements. In: OTM confederated international conferences on the move to meaningful internet systems, OTM 2014. Berlin, Heidelberg: Springer; 2014, pp. 237\u201357.","DOI":"10.1007\/978-3-662-45563-0_14"},{"key":"215_CR22","doi-asserted-by":"crossref","unstructured":"Fahrenkrog-Petersen SA, van der Aa H, Weidlich M. Pretsa: event log sanitization for privacy-aware process discovery. In: 2019 international conference on process mining, ICPM 2019. IEEE; 2019, pp. 1\u20138.","DOI":"10.1109\/ICPM.2019.00012"},{"key":"215_CR23","doi-asserted-by":"crossref","unstructured":"Ciriani V, De Capitani Di Vimercati S, Foresti S, Samarati P. K-anonymity. In: Secure data management in decentralized systems. Boston, MA: Springer; 2007, pp. 323\u201353.","DOI":"10.1007\/978-0-387-27696-0_10"},{"issue":"05","key":"215_CR24","doi-asserted-by":"publisher","first-page":"557","DOI":"10.1142\/S0218488502001648","volume":"10","author":"L Sweeney","year":"2002","unstructured":"Sweeney L. k-anonymity: a model for protecting privacy. Int J Uncertain Fuzz Knowl-Based Syst. 2002;10(05):557\u201370.","journal-title":"Int J Uncertain Fuzz Knowl-Based Syst"},{"issue":"5","key":"215_CR25","doi-asserted-by":"publisher","first-page":"595","DOI":"10.1007\/s12599-019-00613-3","volume":"61","author":"F Mannhardt","year":"2019","unstructured":"Mannhardt F, KoschmiderA Baracaldo N, Weidlich M, Michael J. Privacy-preserving process mining. Bus Inf Syst Eng. 2019;61(5):595\u2013614.","journal-title":"Bus Inf Syst Eng"},{"key":"215_CR26","doi-asserted-by":"crossref","unstructured":"Dimitrova D, De Hert P. The right of access under the police directive: small steps forward. In: Annual privacy forum, APF 2018. Cham: Springer; 2018, pp. 111\u201330.","DOI":"10.1007\/978-3-030-02547-2_7"},{"key":"215_CR27","doi-asserted-by":"crossref","unstructured":"Agarwal S, Steyskal S, Antunovic F, Kirrane S. Legislative compliance assessment: framework, model and GDPR instantiation. In: Annual privacy forum, APF 2018. Cham: Springer; 2018, pp. 131\u201349.","DOI":"10.1007\/978-3-030-02547-2_8"},{"key":"215_CR28","doi-asserted-by":"crossref","unstructured":"Dufourd C, Finkel A, Schnoebelen P. Reset nets between decidability and undecidability. In: International colloquium on automata, languages, and programming, ICALP 1998, pp. 103\u201315. Berlin, Heidelberg: Springer; 1998.","DOI":"10.1007\/BFb0055044"},{"key":"215_CR29","doi-asserted-by":"crossref","unstructured":"Zaman R, Cuzzocrea A, Hassani M. An innovative online process mining framework for supporting incremental gdpr compliance of business processes. In: 2019 IEEE international conference on big data, IEEE Big Data 2019. IEEE; 2019, pp. 2982\u201391.","DOI":"10.1109\/BigData47090.2019.9005705"},{"key":"215_CR30","unstructured":"Zaman R, Hassani M. Process mining meets GDPR compliance: the right to be forgotten as a use case. In: 2019 international conference on process mining doctoral consortium, ICPM-DC 2019. CEUR-WS.org; 2019."},{"key":"215_CR31","doi-asserted-by":"crossref","unstructured":"Lioudakis GV, Koukovini MN, Papagiannakopoulou EI, Dellas N, Kalaboukas K, de Carvalho RM, Hassani M, et al. Facilitating GDPR compliance: the H2020 BPR4GDPR approach. In: Conference on e-Business, e-Services and e-Society, I3E 2019. Cham: Springer; 2019, pp. 72\u20138.","DOI":"10.1007\/978-3-030-39634-3_7"},{"key":"215_CR32","doi-asserted-by":"crossref","unstructured":"McSherry FD. Privacy integrated queries: an extensible platform for privacy-preserving data analysis. In: Proceedings of the 2009 ACM SIGMOD international conference on management of data, SIGMOD 2009; 2009, pp. 19\u201330.","DOI":"10.1145\/1559845.1559850"},{"key":"215_CR33","doi-asserted-by":"crossref","unstructured":"Dwork C. Differential privacy: a survey of results. In: International conference on theory and applications of models of computation, TAMC 2008. Berlin, Heidelberg: Springer; 2008, pp. 1\u201319.","DOI":"10.1007\/978-3-540-79228-4_1"},{"key":"215_CR34","doi-asserted-by":"crossref","unstructured":"Wilson RJ, Zhang CY, Lam W, Desfontaines D, Simmons-Marengo D, Gipson B. Differentially private sql with bounded user contribution. In: Proceedings on privacy enhancing technologies 2020, PETS 2020, no. 2; 2020, pp. 230\u201350.","DOI":"10.2478\/popets-2020-0025"},{"key":"215_CR35","unstructured":"Holohan N, Braghin S, Aonghusa PM, Levacher K. Diffprivlib: the IBM differential privacy library; 2019. arXiv:1907.02444."},{"key":"215_CR36","unstructured":"Baskar K, Hassani M. Online comparison of streaming process discovery algorithms. In: 2019 dissertation award, doctoral consortium, and demonstration track at BPM, BPMT 2019. CEUR-WS.org; 2019, pp. 164\u20138."},{"key":"215_CR37","doi-asserted-by":"crossref","unstructured":"Hassani M, van Zelst SJ, van der Aalst WMP. On the application of sequential pattern mining primitives to process discovery: overview, outlook and opportunity identification. Wiley interdisciplinary reviews: data mining and knowledge discovery 9, no. 6, e1315; 2019.","DOI":"10.1002\/widm.1315"}],"updated-by":[{"DOI":"10.1007\/s42979-023-02168-3","type":"correction","label":"Correction","source":"publisher","updated":{"date-parts":[[2023,9,28]],"date-time":"2023-09-28T00:00:00Z","timestamp":1695859200000}}],"container-title":["SN Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-020-00215-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42979-020-00215-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-020-00215-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,28]],"date-time":"2023-09-28T13:26:09Z","timestamp":1695907569000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42979-020-00215-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,21]]},"references-count":37,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2020,7]]}},"alternative-id":["215"],"URL":"https:\/\/doi.org\/10.1007\/s42979-020-00215-x","relation":{"correction":[{"id-type":"doi","id":"10.1007\/s42979-023-02168-3","asserted-by":"object"}]},"ISSN":["2662-995X","2661-8907"],"issn-type":[{"value":"2662-995X","type":"print"},{"value":"2661-8907","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,6,21]]},"assertion":[{"value":"20 April 2020","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"3 June 2020","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 June 2020","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 September 2023","order":4,"name":"change_date","label":"Change Date","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"Correction","order":5,"name":"change_type","label":"Change Type","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"A Correction to this paper has been published:","order":6,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"https:\/\/doi.org\/10.1007\/s42979-023-02168-3","URL":"https:\/\/doi.org\/10.1007\/s42979-023-02168-3","order":7,"name":"change_details","label":"Change Details","group":{"name":"ArticleHistory","label":"Article History"}}],"article-number":"210"}}