Logo PTI
Polish Information Processing Society
Logo FedCSIS

Annals of Computer Science and Information Systems, Volume 18

Proceedings of the 2019 Federated Conference on Computer Science and Information Systems

Deriving Workflow Privacy Patterns from Legal Documents


DOI: http://dx.doi.org/10.15439/2019F275

Citation: Proceedings of the 2019 Federated Conference on Computer Science and Information Systems, M. Ganzha, L. Maciaszek, M. Paprzycki (eds). ACSIS, Vol. 18, pages 555563 ()

Full text

Abstract. The recent General Data Protection Regulation (GDPR) has strengthened the importance of data privacy and protection for enterprises offering their services in the EU. Important part of intensified efforts toward better privacy protection is enterprise workflow redesign. It has been already found that the privacy level can be raised with applying the privacy by design principle when re(designing) workflows. A conforming and promising approach is to model privacy relevant workflow fragments as Workflow Privacy Patterns (WPPs) which provide abstract, ‘best practices‘ solution proposals to problems recurring in privacy-aware workflows. WPPs are intended to support process developers, auditors and privacy officers by providing pre-validated patterns that correspond with existing data privacy regulations. However, it is unclear yet how to obtain WPPs with an appropriate level of detail. In this paper, we will introduce our approach to derive WPPs from legal texts and other descriptive regulations. We propose a structure of a WPP, which we derive from pattern approaches from other research areas. We also show the steps for designing a WPP. We think that this approach can be an valuable input towards supporting privacy in enterprises.


  1. European Parliament and Council of the European Union, “Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data,” EU Regulation 2016/679, 2016.
  2. E. Buchmann and J. Anke, “Privacy patterns in business processes,” INFORMATIK 2017, 2017.
  3. R. Von Alan and R. Hevner, “Design science in information systems research,” MIS quarterly, 2004.
  4. P. Schaar, “Privacy by design,” Identity in the Information Society, vol. 3, no. 2, pp. 267–274, 2010.
  5. Information Commissioners Office, “Guide to the general data protection regulation (gdpr),” https://ico.org.uk, Accessed Jul., 2018.
  6. C. Alexander, A pattern language: towns, buildings, construction. Oxford university press, 1977.
  7. P. Wolfgang, “Design patterns for object-oriented software development,” Reading Mass, vol. 15, 1994.
  8. D. C. Schmidt, M. Stal, H. Rohnert, and F. Buschmann, Pattern-Oriented Software Architecture, Patterns for Concurrent and Networked Objects. John Wiley & Sons, 2013, vol. 2.
  9. A. Ter Hofstede, B. Kiepuszewski, A. Barros, and W. Aalst, “Workflow patterns,” Distributed and Parallel Databases, vol. 14, no. 1, pp. 5–51, 2003.
  10. S. Jablonski and C. Bussler, Workflow management: modeling concepts, architecture and implementation. International Thomson Computer Press London, 1996, vol. 392.
  11. N. Russell, W. M. van der Aalst, and A. H. M. ter Hofstede, Workflow Patterns: The Definitive Guide. MIT Press, 2016.
  12. N. Russell et al., “Workflow control-flow patterns: A revised view,” BPM Center Report BPM-06-22, BPMcenter. org, pp. 06–22, 2006.
  13. N. Russell et al., “Workflow data patterns: Identification, representation and tool support,” in International Conference on Conceptual Modeling. Springer, 2005, pp. 353–368.
  14. N. Russell et al., “Workflow resource patterns: Identification, representation and tool support,” in International Conference on Advanced Information Systems Engineering. Springer, 2005, pp. 216–232.
  15. N. Russell et al., “Workflow exception patterns,” in Conference on Advanced Information Systems Engineering, 2006.
  16. B. S. Lerner et al., “Exception handling patterns for process modeling,” Transactions on Software Engineering, vol. 36, no. 2, 2010.
  17. EU FP7 Project PRIPARE, “privacypatterns.eu - collecting patterns for better privacy,” https://privacypatterns.eu, Accessed Apr., 2019.
  18. Projects by IF, “Data permissions catalogue - an evolving collection of design patterns for sharing data,” https://catalogue.projectsbyif.com/, Accessed Jun., 2019.
  19. J. Vom Brocke, Design principles for reference modeling: reusing information models by means of aggregation, specialisation, instantiation, and analogy. IGI Global, 2007.
  20. F. Buschmann, K. Henney, and D. C. Schmidt, Pattern-oriented software architecture, on patterns and pattern languages. John wiley & sons, 2007, vol. 5.