Representing Data Protection Aspects in Process Models by Coloring

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12703)


Business processes typically operate on personal data, e.g., customer data. This requires compliance with data protection regulations, e.g., the European Union General Data Protection Regulation (GDPR). Modeling business processes is a widespread methodology for visualizing and optimizing them, and it should also cover data protection concerns. However, standard modeling languages like the Business Process Model and Notation (BPMN) do not offer an adequate notation for expressing data protection aspects.

In this paper, we propose a methodology for visualizing privacy concerns in BPMN models. We suggest using colors to mark critical activities and data in the process models. This makes data protection problems easy to document and supports the optimization of processes by eliminating the privacy violation issues.


Keywords: Coloring scheme, Data protection, Privacy visualization, Business process modeling, Process optimization



Copyright information

© Springer Nature Switzerland AG 2021

Authors and Affiliations

  1. Kiel University, Kiel, Germany
  2. University of Oslo, Oslo, Norway
