Back to top

'ProPerData - A process model to support GDPR compliance' published as technical report

Abstract

The General Data Protection Regulation (GDPR) has changed the perception towards privacy and data protection worldwide. Passed in 2016 and in force since 2018, the regulation has been a steady part of the academic and practical discourse over the past years. However, companies still struggle with the task of becoming compliant, mainly because of the large interdisciplinary scope and the overall complexity of the regulation. Once established, maintaining GDPR compliance in an accelerating business environment remains a challenge.

With this report, we present ProPerData, a process model for the protection of personal data. It addresses software developers and enterprise architects of large organizations and aims to provide a structured overview of the GDPR and a clear definition of responsibilities.

ProPerData is organized along 11 tasks that are derived from the GDPR. 16 work units of ProPerData are assigned to the tasks and executed by ProPerData stakeholders. We account for 6 resources that support the work units and 13 work products that result from them. The work units take place at one or more of the 10 stages or events of ProPerData.

 

Huth, D., Matthes, F.: "ProPerData - A process model to support GDPR compliance". Technical Report. Technical University of Munich, Munich 2020.

 


Three papers accepted for publication at ICEIS 2020

Three papers from the sebis chair were accepted for publication at the 22nd International Conference on Enterprise Information Systems in Prague, May 5-7 2020:

 

Huth, D., Vilser, M., Bondel, G. and Matthes, F.: "Empirical Task Analysis of Data Protection Management and its Collaboration with Enterprise Architecture Management". Proceedings of the 22nd International Conference on Enterprise Information Systems (ICEIS), Prague 2020 - to appear

 

Bondel, G., Nägele, S., Koch, F., Matthes, F.: "Barriers for the Advancement of an API Economy in the German Automotive Industry and Potential Measures to Overcome these Barriers". Proceedings of the 22nd International Conference on Enterprise Information Systems (ICEIS), Prague 2020 - to appear

 

Bondel, G., Buchelt, S., Urlberger, H., Ulrich, N., Kabelin, C., Matthes, F.: "Towards a Change Management Framework for Cloud Transitions: Findings from a Case Study at a German Machine Manufacturer". Proceedings of the 22nd International Conference on Enterprise Information Systems (ICEIS), Prague 2020 - to appear

 


Three papers presented at HICSS 2020

Three sebis research papers were presented at the 53rd Hawaii International Conference on Systems Sciences (HICSS) 2020:

 

Huth, D., Burmeister, F., Matthes, F., and Schirmer, I. 2020. "Empirical Results on the Collaboration Between Enterprise Architecture and Data Protection Management during the Implementation of the GDPR"

Abstract: The European General Data Protection Regulation’s (GDPR) large imminent fines cause companies worldwide to undertake major efforts for privacy compliance. Any company doing business with European customers has to adhere to new processing principles and documentation requirements, and provide extensive access rights to data subjects.
Enterprise architecture management (EAM) provides a theoretical and methodical framework to align business and IT and has been used, among others, to identify and address concerns that arose from regulation.
In this work, we report results from 24 qualitative interviews with 29 enterprise architects on how EAM supports the work of data protection management (DPM) experts. We derive a conceptual framework with four different levels of EAM support for DPM, and discuss high-level recommendations for each level.

 

Burmeister, F., Huth, D., Schirmer, I., Drews, P., and Matthes, F. 2020. "Enhancing Information Governance with Enterprise Architecture Management : Design Principles Derived from Benefits and Barriers in the GDPR Implementation"

Abstract: Businesses today are increasingly dependent on how they transform information into economic value, while simultaneously being compliant with intensified privacy requirements, resulting from legal acts like the General Data Protection Regulation (GDPR). As a consequence, realizing information governance has become a topic more important than ever to balance the beneficial use and protection of information. This paper argues that enterprise architecture management (EAM) can be a key to GDPR implementation as one important domain of information governance by providing transparency on information integration throughout an organization. Based on 24 interviews with 29 enterprise architects, we identified a multiplicity of benefits and barriers within the interplay of EAM and GDPR implementation and derived seven design principles that should foster EAM to enhance information governance.

 

Kleehaus, M., Corpancho, N., Huth, D., Matthes, F. 2020. "Discovery of Microservice-based IT Landscapes at Runtime: Algorithms and Visualizations"

Abstract: The documentation of IT landscapes is a challenging task which is still performed mainly manually. Technology and software development trends like agile practices and microservice-based architectures exacerbate the endeavours to keep documentation up-to-date. Recent research efforts for automating this task have not addressed runtime data for gathering the architecture and remain unclear regarding proper algorithms and visualization support. In this paper, we want to close this research gap by presenting two algorithms that 1) discover the IT landscape based on historical data and 2) create continuously architecture snapshots based on new incoming runtime data. We especially consider scenarios in which runtime artifacts or communications paths were removed from the architecture as those cases are challenging to unveil from runtime data. We evaluate our prototype by analyzing the monitoring data from 79 days of a big automotive company. The algorithms provided promising results. The implemented prototype allows stakeholders to explore the snapshots in order to analyze the emerging behavior of the microservice-based IT landscape.


Research paper accepted at MeDMoT 2013

A paper has been accepted for publication at the International Workshop on Methodical Development of Modeling Tools (MeDMoT). In the paper, the author Team Matheus Hauder, Björn Wüst (iteratec), Max Fiedler, and Florian Matthes present an analysis of task and technology characteristics for Enterprise Architecture (EA) Management tool support. While currently available tools for EA management focus on structured information, the collaborative effort required for developing and planning the EA is often neglected. The paper investigates the integration of existing EA tools and Enterprise Wikis to increase the utilization of these tools by stakeholders and improve the availability of EA products in organizations. 

 

 

 

 


Paper on Enterprise Architecture Documentation accepted for publication at WI 2013

A research paper has been accepted for publication at the 11th International Conference for Wirtschaftsinformatik (WI 2013). The paper entitled “Enterprise Architecture Documentation: Current Practices and Future Directions” reports on a survey among 140 Enterprise Architecture (EA) practitioners to analyze issues organizations face while documenting the EA and keeping the documentation up to date. The author team (Sascha Roth, Matheus Hauder, Matthias Farwick, Ruth Breu, and Florian Matthes) present results on current practices, challenges, and automation techniques for EA documentation in a descriptive manner.