How to Extract Workflow Privacy Patterns from Legal Documents

  • Marcin RobakEmail author
  • Erik Buchmann
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 380)


The General Data Protection Regulation (GDPR) strengthens the importance of data privacy and protection for enterprises offering their services in the EU. An important part of intensified efforts towards better privacy protection is enterprise workflow (re)design. In particular, the GDPR has strengthened the imperative to apply the privacy by design principle when (re)designing workflows. A conforming and promising approach is to model privacy relevant workflow fragments as Workflow Privacy Patterns (WPPs). Such WPPs allow to specify abstract templates for recurring data-privacy problems in workflows. Thus, WPPs are intended to support workflow engineers, auditors and privacy officers by providing pre-validated patterns that comply with existing data privacy regulations. However, it is unclear yet how to obtain WPPs systematically with an appropriate level of detail.

In this paper, we show our approach to derive WPPs from legal texts and similar normative regulations. The proposed structure of a WPP, which we derived from pattern approaches from other research areas. We also introduce a framework that allows to design WPPs which make legal regulations accessible for persons who do not possess in-depth legal expertise. We have applied our approach to different articles of the GDPR, and we have obtained evidence that we can transfer legal text into a structured WPP representation. If a workflow correctly implements a WPP that has been designed that way, the workflow automatically complies to the respective fragment of the underlying legal text.


Privacy Patterns Workflows 



We would like to thank Martin Bahr for his work on the CCC Model.


  1. 1.
    European Parliament, Council of the European Union: Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. EU Regulation 2016/679 (2016)Google Scholar
  2. 2.
    Buchmann, E., Anke, J.: Privacy patterns in business processes. In: INFORMATIK 2017, pp. 793–798 (2017).
  3. 3.
    Robak, M., Buchmann, E.: Deriving workflow privacy patterns from legal documents. In: 2019 Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 555–563. IEEE (2019).
  4. 4.
    Von Alan, R., Hevner, R.: Design science in information systems research. MIS Q. 28(1), 75–105 (2004). Scholar
  5. 5.
    Schaar, P.: Privacy by design. Identity Inf. Soc. 3(2), 267–274 (2010). Scholar
  6. 6.
    Information Commissioners Office: Guide to the general data protection regulation (GDPR). Accessed July 2018
  7. 7.
    Alexander, C.: A Pattern Language: Towns, Buildings, Construction. Oxford University Press, New York (1977). Scholar
  8. 8.
    Wolfgang, P.: Design Patterns for Object-Oriented Software Development, vol. 15. Addison-Wesley, Reading (1994).
  9. 9.
    Schmidt, D.C., Stal, M., Rohnert, H., Buschmann, F.: Pattern-Oriented Software Architecture, Patterns for Concurrent and Networked Objects, vol. 2. Wiley, Hoboken (2013)zbMATHGoogle Scholar
  10. 10.
    Ter Hofstede, A., Kiepuszewski, B., Barros, A., Aalst, W.: Workflow patterns. Distrib. Parallel Databases 14(1), 5–51 (2003). Scholar
  11. 11.
    Jablonski, S., Bussler, C.: Workflow Management: Modeling Concepts, Architecture and Implementation, vol. 392. International Thomson Computer Press, London (1996)Google Scholar
  12. 12.
    Russell, N., van der Aalst, W.M., ter Hofstede, A.H.M.: Workflow Patterns: The Definitive Guide. MIT Press, Cambridge (2016)CrossRefGoogle Scholar
  13. 13.
    Russell, N., et al.: Workflow control-flow patterns: a revised view. BPM Center Report, 06-22 (2006)Google Scholar
  14. 14.
    Russell, N., ter Hofstede, A.H.M., Edmond, D., van der Aalst, W.M.P.: Workflow data patterns: identification, representation and tool support. In: Delcambre, L., Kop, C., Mayr, H.C., Mylopoulos, J., Pastor, O. (eds.) ER 2005. LNCS, vol. 3716, pp. 353–368. Springer, Heidelberg (2005). Scholar
  15. 15.
    Russell, N., van der Aalst, W.M.P., ter Hofstede, A.H.M., Edmond, D.: Workflow resource patterns: identification, representation and tool support. In: Pastor, O., Falcão e Cunha, J. (eds.) CAiSE 2005. LNCS, vol. 3520, pp. 216–232. Springer, Heidelberg (2005). Scholar
  16. 16.
    Russell, N., van der Aalst, W., ter Hofstede, A.: Workflow exception patterns. In: Dubois, E., Pohl, K. (eds.) CAiSE 2006. LNCS, vol. 4001, pp. 288–302. Springer, Heidelberg (2006). Scholar
  17. 17.
    Lerner, B.S., et al.: Exception handling patterns for process modeling. Trans. Softw. Eng. 36(2) (2010). Scholar
  18. 18.
    EU FP7 Project PRIPARE: - collecting patterns for better privacy. Accessed Apr 2019
  19. 19.
    Projects by IF: Data permissions catalogue - an evolving collection of design patterns for sharing data. Accessed June 2019
  20. 20.
    Vom Brocke, J.: Design principles for reference modeling: reusing information models by means of aggregation, specialisation, instantiation, and analogy. IGI Global (2007)Google Scholar
  21. 21.
    Buschmann, F., Henney, K., Schmidt, D.C.: Pattern-Oriented Software Architecture, on Patterns and Pattern Languages, vol. 5. Wiley, Hoboken (2007)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Hochschule für Telekommunikation LeipzigLeipzigGermany

Personalised recommendations