Modeling the System Described by the EU General Data Protection Regulation with DEMO
In this paper we use the Design and Engineering Methodology for Organizations (DEMO) to formally describe the European Union General Data Protection Regulation (2016/679), which enters into force and application on May 25, 2018. This law introduces a paradigm shift in information systems by requiring, by design and by default, much more control over personal data and its processing. Data subjects can give and remove consent for processing and establish restrictions on what the data is processed for. They can also ask for their information, object to automated decision making based on it, require changes to that information or ask that it be erased (‘right to be forgotten’). When they ask for their information, it must be provided in a machine-readable format, which implies data portability and the ability to provide it to another party. This law creates a new role, the data protection officer, and assigns duties to data controllers, data processors, supervisory authorities, national authorities and EU authorities. This work shows how DEMO can present in a simple way the system described by this law, and analyses the challenges and insights provided by using this modeling method.
Keywords: Enterprise engineering, DEMO, Data protection, Modeling
This work was developed with financial support from ARDITI (Agência Regional para o Desenvolvimento da Investigação, Tecnologia e Inovação), in the context of project M14-20 09–5369-FSE-000001 - Bolsa de Doutoramento.