@inproceedings{f6b5b42e90764b6ea580cbfba2c0a7de,
title = "Using enterprise architecture models for creating the record of processing activities (Art. 30 GDPR)",
abstract = "The record of processing activities (RPA) is a central document in demonstrating compliance with the General Data Protection Regulation (GDPR). Article 30 of the GDPR specifies the information that has to be made available to the supervisory authority upon request. Currently, data protection management experts conduct their own data collection and maintain isolated RPAs. We show how existing Enterprise Architecture models can be augmented with the necessary information to maintain and generate an RPA. We evaluate the completeness and usefulness of the approach together with data protection management experts.",
keywords = "ArchiMate, Data protection, Enterprise Architecture Management, GDPR, RPA, Record of processing activities",
author = "Dominik Huth and Ahmet Tanakol and Florian Matthes",
note = "Publisher Copyright: {\textcopyright} 2019 IEEE.; 23rd IEEE International Enterprise Distributed Object Computing Conference, EDOC 2019 ; Conference date: 28-10-2019 Through 31-10-2019",
year = "2019",
month = oct,
doi = "10.1109/EDOC.2019.00021",
language = "English",
series = "Proceedings - 2019 IEEE 23rd International Enterprise Distributed Object Computing Conference, EDOC 2019",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "98--104",
booktitle = "Proceedings - 2019 IEEE 23rd International Enterprise Distributed Object Computing Conference, EDOC 2019",
}