Home » Project of the week » Project of the Week - BPR4GDPR

Project of the Week - BPR4GDPR

17/06/2019 to 21/06/2019

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.

The goal of BPR4GDPR (Business Process Re-engineering and functional toolkit for GDPR compliance) is to provide a holistic framework able to support end-to-end GDPR-compliant intra- and interorganisational ICT-enabled processes at various scales, while also being generic enough, fulfilling operational requirements covering diverse application domains.

Here are the main objectives of BPR4GDPR:

Objective 1: Reference compliance framework

BPR4GDPR will be driven by the data protection legislation, particularly the GDPR, aiming at facilitating compliance for organisations. To this end, it will put in place a reference compliance framework, reflecting the associated provisions and requirements. This framework will serve as the codification of legislation, providing the ground for the development of the BPR4GDPR technologies.

Objective 2: Sophisticated security and privacy policies

BPR4GDPR aims at providing a comprehensive framework for the specification of sophisticated security and privacy policies, able to capture all complex concepts stemming from the data protection legislation and the needs and requirements of all associated stakeholders. Policies will have a central role in the foreseen BPR4GDPR operational ecosystem, since they will be the drivers for the compliance-aware process verification and re-engineering, as well as the run-time operation, providing the behavioural norms of underlying entities.

Objective 3: By design privacy-aware process models

In order to enable privacy by design as regards business processes and underlying operations thereof, BPR4GDPR anticipates providing natively compliant processes and workflow applications that will be consistent with security and privacy provisions and requirements, offering at the same time the highest transparency level by automating the fulfilment of the requirements for compliance to a great extent. To this end, BPR4GDPR aims at providing modelling technologies and tools for the incorporation of all respective provisions in process models and the resulting executable processes, as well as the means for automating verification and alignment.

Objective 4: Compliance-driven process re-engineering

BPR4GDPR fosters facilitating compliance-aware process engineering and re-engineering by means of providing a set of mechanisms for automating the respective procedures and resulting in processes, that are compliant by design. Said processes may refer to different abstraction levels, ranging from high-level business operations down to compositions of software functions and services.

Objective 5: Compliance toolkit

BPR4GDPR aims at providing a set of tools that, following appropriate configuration, would fit the needs of various organisations being subject to GDPR compliance. This way, the project fosters facilitating the deployment of mechanisms addressing requirements that are pervasive in organisations that collect and process personal data, thus making compliance easier.

Objective 6: Compliance-as-a-Service (CaaS)

BPR4GDPR aims at implementing the concept of Compliance-as-a-Service (CaaS), fostering compliance to be offered inherently and out-of-the-box to users of Cloud services. This way, the project foresees compliance to be achieved at low cost to SMEs, and anticipates added value for the providers.

Objective 7: Comprehensive trials

The BPR4GDPR technology and overall framework will be deployed in selected end-users of at least three EU countries. The corresponding trials will involve software companies, service providers and carefully selected stakeholders, in a way that i) the functional and operational performance and value of BPR4GDPR solution will be assessed, ii) different deployment models will be validated, and iii) a market penetration roadmap for full deployment in those markets will be defined.

Objective 8: Impact creation

BPR4GDPR aims at being a project of profound impact in European research and economy, especially as regards the areas of data protection, security, BPM, software services, cloud computing, etc., and fosters to open up the pathway for GDPR compliance and privacy-aware services to all actors in the value chain.

Stay tuned as we bring you more details to know more about this BPR4GDPR and how they will help the cyber security and privacy community in driving GDPR in EU.

You can visit their official website and social media accounts:

Monday, 17 June, 2019 to Friday, 21 June, 2019


On the event of the adoption of the draft regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union, the AI4HealthSec project kicked off a process to provide its opinion.