Authors
Vasiliki Diamantopoulou, Maria Karyda
Publication date
2021/10/4
Book
European Symposium on Research in Computer Security
Pages
127-137
Publisher
Springer International Publishing
Description
Among the numerous challenges that organisations face, information security is undoubtedly an important concern, and lately, compliance with personal data regulation (e.g., the General Data Protection Regulation – GDPR in the EU) is a necessity, while requirements for privacy-by-design also need to be met. This paper proposes a comprehensive method to support the identification, modelling, (re)design, implementation, and realisation of privacy-aware/compliant business processes, in order to incorporate personal data protection principles into all work practices and business processes in an organisation. More specifically, this method integrates the main steps of a Data Protection Impact Assessment into business process management, to ensure the identification of personal data flow throughout the organisation, support the assessment of privacy-related risks, and enhance personal data protection.
Total citations
[Citations-per-year chart; axis years 2023, 2024]
Scholar articles
V Diamantopoulou, M Karyda - European Symposium on Research in Computer …, 2021