Modeling the System Described by the EU General Data Protection Regulation with DEMO

  • Duarte GouveiaEmail author
  • David AveiroEmail author
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 334)


In this paper we use Design and Engineering Methodology for Organizations (DEMO) to formally describe the European Union General Data Protection Regulation (2016/679) which entries into force and application on May 25, 2018. This law introduces a paradigm shift in information systems by requiring by design and by default much more control on personal data and its processing. The data subjects can give and remove consent for processing and establish restrictions on what the data is processed for. They can also ask for their information, object to automated decision making based on it, require changes to that information or ask that it be erased (‘right to be forgotten’). When they ask for their information, it must be provided in a machine-readable format, which implies data portability and the ability to provide it to another party. This law creates a new role, the data protection officer, and assigns duties to data controllers, data processors, supervisory authorities, national authorities and EU authorities. This work shows how DEMO can present in a simple way the system described by this law, and analyses the challenges and insights provided by using this modeling method.


Enterprise engineering DEMO Data protection Modeling 



This work was partially funded by FCT/MCTES LARSyS (UID/EEA/50009/2013 (2015-2017)).

This work was developed with financial support from ARDITI (Agência Regional para o Desenvolvimento da Investigação, Tecnologia e Inovação), in the context of project M14-20 09–5369-FSE-000001 - Bolsa de Doutoramento.


  1. 1.
    European Union Regulation 2016/679, General Data Protection Regulation.
  2. 2.
    European Union Directive 95/46/EC, Data Protection Directive.
  3. 3.
    Dietz, J.L.G.: Enterprise Ontology – Theory and Methodology. Springer, Heidelberg (2006). Scholar
  4. 4.
    Dietz, J.L.G.: DEMO-3 Way of Working, 1 September 2009 (2009)Google Scholar
  5. 5.
    Medina-Mora, R., Winograd, T., Flores, R., Flores, F.: The action workflow approach to workflow management technology. In: Proceedings of the 1992 ACM Conference on Computer-Supported Cooperative Work, pp. 281–288. ACM, December 1992Google Scholar
  6. 6.
    Denning, P.J., Medina-Mora, R.: Completing the loops. Interfaces 25(3), 42–57 (1995)CrossRefGoogle Scholar
  7. 7.
    Van Reijswoud, V.E., Mulder, H.B., Dietz, J.L.: Communicative action-based business process and information systems modelling with DEMO. Inf. Syst. J. 9(2), 117–138 (1999)CrossRefGoogle Scholar
  8. 8.
    Dietz, J.L.G.: The PSI theory – understanding human collaboration (v4.3) (2017). Accessed 25 May 2018
  9. 9.
    Wohlin, C., Aurum, A.: Towards a decision-making structure for selecting a research design in empirical software engineering. Empir. Softw. Eng. 20(6), 1427–1455 (2015)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Madeira Interactive Technologies InstituteUniversity of MadeiraFunchalPortugal

Personalised recommendations