Back to top

'ProPerData - A process model to support GDPR compliance' published as technical report


The General Data Protection Regulation (GDPR) has changed the perception towards privacy and data protection worldwide. Passed in 2016 and in force since 2018, the regulation has been a steady part of the academic and practical discourse over the past years. However, companies still struggle with the task of becoming compliant, mainly because of the large interdisciplinary scope and the overall complexity of the regulation. Once established, maintaining GDPR compliance in an accelerating business environment remains a challenge.

With this report, we present ProPerData, a process model for the protection of personal data. It addresses software developers and enterprise architects of large organizations and aims to provide a structured overview of the GDPR and a clear definition of responsibilities.

ProPerData is organized along 11 tasks that are derived from the GDPR. 16 work units of ProPerData are assigned to the tasks and executed by ProPerData stakeholders. We account for 6 resources that support the work units and 13 work products that result from them. The work units take place at one or more of the 10 stages or events of ProPerData.


Huth, D., Matthes, F.: "ProPerData - A process model to support GDPR compliance". Technical Report. Technical University of Munich, Munich 2020.


Three papers accepted for publication at ICEIS 2020

Three papers from the sebis chair were accepted for publication at the 22nd International Conference on Enterprise Information Systems in Prague, May 5-7 2020:


Huth, D., Vilser, M., Bondel, G. and Matthes, F.: "Empirical Task Analysis of Data Protection Management and its Collaboration with Enterprise Architecture Management". Proceedings of the 22nd International Conference on Enterprise Information Systems (ICEIS), Prague 2020 - to appear


Bondel, G., Nägele, S., Koch, F., Matthes, F.: "Barriers for the Advancement of an API Economy in the German Automotive Industry and Potential Measures to Overcome these Barriers". Proceedings of the 22nd International Conference on Enterprise Information Systems (ICEIS), Prague 2020 - to appear


Bondel, G., Buchelt, S., Urlberger, H., Ulrich, N., Kabelin, C., Matthes, F.: "Towards a Change Management Framework for Cloud Transitions: Findings from a Case Study at a German Machine Manufacturer". Proceedings of the 22nd International Conference on Enterprise Information Systems (ICEIS), Prague 2020 - to appear


Three papers presented at HICSS 2020

Three sebis research papers were presented at the 53rd Hawaii International Conference on Systems Sciences (HICSS) 2020:


Huth, D., Burmeister, F., Matthes, F., and Schirmer, I. 2020. "Empirical Results on the Collaboration Between Enterprise Architecture and Data Protection Management during the Implementation of the GDPR"

Abstract: The European General Data Protection Regulation’s (GDPR) large imminent fines cause companies worldwide to undertake major efforts for privacy compliance. Any company doing business with European customers has to adhere to new processing principles and documentation requirements, and provide extensive access rights to data subjects.
Enterprise architecture management (EAM) provides a theoretical and methodical framework to align business and IT and has been used, among others, to identify and address concerns that arose from regulation.
In this work, we report results from 24 qualitative interviews with 29 enterprise architects on how EAM supports the work of data protection management (DPM) experts. We derive a conceptual framework with four different levels of EAM support for DPM, and discuss high-level recommendations for each level.


Burmeister, F., Huth, D., Schirmer, I., Drews, P., and Matthes, F. 2020. "Enhancing Information Governance with Enterprise Architecture Management : Design Principles Derived from Benefits and Barriers in the GDPR Implementation"

Abstract: Businesses today are increasingly dependent on how they transform information into economic value, while simultaneously being compliant with intensified privacy requirements, resulting from legal acts like the General Data Protection Regulation (GDPR). As a consequence, realizing information governance has become a topic more important than ever to balance the beneficial use and protection of information. This paper argues that enterprise architecture management (EAM) can be a key to GDPR implementation as one important domain of information governance by providing transparency on information integration throughout an organization. Based on 24 interviews with 29 enterprise architects, we identified a multiplicity of benefits and barriers within the interplay of EAM and GDPR implementation and derived seven design principles that should foster EAM to enhance information governance.


Kleehaus, M., Corpancho, N., Huth, D., Matthes, F. 2020. "Discovery of Microservice-based IT Landscapes at Runtime: Algorithms and Visualizations"

Abstract: The documentation of IT landscapes is a challenging task which is still performed mainly manually. Technology and software development trends like agile practices and microservice-based architectures exacerbate the endeavours to keep documentation up-to-date. Recent research efforts for automating this task have not addressed runtime data for gathering the architecture and remain unclear regarding proper algorithms and visualization support. In this paper, we want to close this research gap by presenting two algorithms that 1) discover the IT landscape based on historical data and 2) create continuously architecture snapshots based on new incoming runtime data. We especially consider scenarios in which runtime artifacts or communications paths were removed from the architecture as those cases are challenging to unveil from runtime data. We evaluate our prototype by analyzing the monitoring data from 79 days of a big automotive company. The algorithms provided promising results. The implemented prototype allows stakeholders to explore the snapshots in order to analyze the emerging behavior of the microservice-based IT landscape.

Paper on Investigating the Role of Architects in Scaling Agile Frameworks was presented by Ömer Uludağ at the EDOC 2017 Conference in Québec City, Canada

Our first research paper on the topic of Scaled Agile IT Organizations and Enterprise Architecture Management was accepted by the IEEE 21st International Enterprise Distributed Object Computing Conference. The conference took place from October 10th to October 13th in Québec City, Canada. The aim of the paper was to describe different architect roles in scaling agile frameworks with the help of a structured literature review. On the second day of the conference, a banquet dinner took place in the Parliament Building of the Canadian Province of Québec.

 Picture on the Château Frontenac


 Picture on the presentation of the paper results at the EDOC conference
 Picture from the Banquet Dinner in the Parliament Building of the Canadian Province of Québec


Teilnahme des sebis Lehrstuhls am Forschungskolloquium Modellierung 2017 an der FernUniversität in Hagen

Auch dieses Jahr fand das Forschungskolloquium Modellierung in Kooperation mit teilnehmenden Lehrstühlen aus den Hochschulen Universität Bayreuth, Universität Duisburg-Essen, FernUniversität in Hagen, HTWG Konstanz und TU München statt. Durch spannende Vorträge wurden zahlreiche Themen aus den Bereichen Enterprise Modelling und Enterprise Architecture Management seitens der teilnehmenden Lehrstühle vorgestellt und diskutiert.