Edinburgh Napier University

  Business process models can involve numerous operational activities for collecting, processing, and exchanging personal user data. Such processes may involve activities that are executed over one or more cloud-based platforms. With an increase in the use of enterprise business processes, the right to data privacy has become a key challenge for developers of process models deployed over such cloud platforms. Design of privacy patterns that are compliant with modern data privacy regulations remains a challenge with increasing adoption of such approaches. One such legislation is the General Data Protection Regulation (GDPR) aiming to protect European citizens from privacy violations, especially for data processing activities hosted within Europe or involving data of European citizens. Blockchain and smart contract technologies have been identified as promising approaches for supporting compliance checking and trust in business processes that utilize a distributed set of activities. Blockchains enable verification of GDPR obligations in an automatic way without the need of a trusted third party. This chapter describes how smart contracts can be used to meet GDPR compliance verification using a number of privacy patterns for business process models. We also describe how a transition system-based automated tool can be used to support such verification. We conclude with a discussion of integrating automated compliance checking (especially for personal user data) and the potential impact this has on the overall execution performance of business processes.