Tool-supported method for privacy analysis of a business process model

The shift to data-driven decision-making brings opportunities to organisations. However, reliance on sensitive data about identifiable persons poses the obligation to cope with data privacy management with respect to the local legislation. As the privacy protection regulation (i.e. GDPR) in the EU has gained its power relatively recently, no established procedures or frameworks guide privacy analysis and assurance. The paper presents a tool-supported method for privacy analysis of a business process model. The proposed method aims to support the elicitation of requirements to the information system to comply with GDPR. Additionally, the method supports the selection of technical measures for privacy assurance based on their effectiveness in the context of a business process. The method's usability is validated by the experimental application of the method to a ride fulfilment process in a ride-hailing company enabled by an autonomous driving system.