You are here: Resources > FIDIS Deliverables > Privacy and legal-social content > D14.2: Study on Privacy in Business Processes by Identity Management > 
Privacy-aware Business Process Design by an Enterprise Privacy Architecture  Title:
 Business Processes and Identity Management


Compliance in Enterprises – How can Trends in IT-Security be transferred to Data Protection?

Continuous and repeated tasks in organisations in the private as well as in the public sector exist quite often. Important areas are among others: 

  1. Sales and Customer Relationship Management (CRM) 

  2. Production Planning (PP), Production Management (PM) 

  3. Logistics and transportation 

  4. Financial management 

  5. IT Service Management (ITSM) 

  6. Total Quality Management (TQM) 

  7. Information Security Management (ISM) 


In many of these areas good practice process models are used that suggest standardised proceedings for typical organisations. These process models are meant to be used as framework – they need to be adapted to the specific needs and environmental conditions of the organisation. For data protection no generic good practice process models have been suggested so far. In this chapter a good practice model for data protection is introduced and explained. This contribution bases on an article by (Meints, 2007). 

Requirements for Data Protection Management

Data Protection Management (DPM) in an organisation has to take a number of influencing factors into consideration: 

  1. Legal grounds for data protection include concrete operational requirements such as the maintenance of an inventory of procedures in which personal data are processed. In addition they contain general principles that need to be implemented in the specific context of the organisation and the corresponding procedures. 

  2. Processing of personal data typically is supported or completely done using Information and Communication Technologies (ICT). Thus a strong link to the fast changing ‘state of the art’ in ICT is given. 

  3. In addition DPM needs to take into consideration changing conditions within the organisation. 

  4. Currently there is no metric for defined levels of data protection. 

  5. As a consequence of all these influencing factors no static and long time persistent level of data protection in organisations exists. 


Many of the tasks in DPM are of continuous nature. In this case very often cyclic processes are used. 

Forerunner Process Models for DPM

Looking at the described requirements especially three areas in which good practice process models are used show significant similarities to DPM. They are: 

  1. Total Quality Management (TQM), e.g. ISO 9000 

  2. IT Service Management (ITSM) and IT Governance, e.g. IT Infrastructure Library (ITIL) and CobiT

  3. Information Security Management (ISM), e.g. ISO/IEC 27001 and 17799 


In these process models especially two cyclic process models commonly are used: 

  1. The Deming Cycle for quality management, named after William Edward Deming (U.S. American consultant and mathematician) including the steps “Plan, Do, Check, Act” 

  2. The lifecycles of ICT supported procedures including the steps “Plan, Build, Run” 


The following figure shows these generic process models. 







Figure 5.: Deming Cycle and lifecycle of ICT supported procedures.

Especially Information Security Management Systems (ISMS) developed since mid of the 1990s show a close proximity to DPM. ISMS typically include a good practice management model and corresponding management tasks (e.g. British Standards and CobiT) or catalogues of ICT security risks and corresponding countermeasures (Baseline Protection Catalogues). The good practice process models have in common that they cover (a) the strategic layer of planning in enterprises (by policies), (b) mid term planning (tactical level) by concepts and (c) the operational level by concrete technical and organisational measures. In Germany especially Baseline Protection is established in the private as well as the public sector. For this reason the DPM process model was developed in close accordance to the Baseline Protection information security process model.

The DPM Process Model

The DPM process model consists of two parts: a core process which is accompanied by a number of supporting processes. This process model was developed in close accordance to Baseline Protection to show potential synergies with the corresponding IT-security management process. The following figure shows the DPM core process (left) in comparison with this security management (core) process (right).  

Figure 5.: Data Protection Management Process (left) and Baseline Protection IT-Security Management Process (right).


The DPM core process starts with the assumption that an organisation is introducing DPM as a new process. For this reason the process starts with the strategic level of building up a data protection policy. Strategic targets of an organisation with respect to data protection can be for example: 

  1. Excellence in data protection as a unique selling proposition on the market 

  2. Compliance to data protection legislation on a minimum level 


Also in the strategic level the data protection process is built up.  

On the tactical level activities around the data protection concept are carried out. This includes 

  1. Preparation of the list of procedures in which personal data are processed (also called inventory of procedures) 

  2. Compiling the legal grounds that need to be taken into consideration 

  3. Documentation of the list of measures for each of the procedures; currently a catalogue of generic measures corresponding to the German data protection law is in preparation. It is planned to include this list in the next version of the Baseline Protection Catalogue. 

  4. Checking the status of implementation for these measures 


In the next step missing measures are implemented, user awareness for data protection is created and qualifications of employees of the organisation with respect to data protection are carried out. 

The following process step includes keeping up the reached level of data protection in running operations. Supported by a number of sub-processes (cf. ) this process restarts the core process in case significant changes require this, leading to a cyclic process model. The strategic level of the core process needs to be repeated in cases of fundamental changes only. Though the targets of the DPM process (i.e. compliance to data protection legislation) and the IT-security process (i.e. the required level of confidentiality, integrity and availability) differ, these processes can be used in close accordance.

The following Figure shows the main supporting processes: 


Figure 5.: Good Practice Supporting Process for the DPM Core Process.

The supporting processes have two functions: (1) implementation of specific data protection related tasks in running governmental or business procedures and (2) triggering of the restart of the central process in case fundamental changes in the environment took place. The main supporting processes are: 

  1. Management of IT-Security Incidents: This especially means taking care of data protection specific aspects such as legal consequences of these incidents and support in dealing with them. 

  2. Management of the Lifecycles of Procedures and Applications: In this context the responsible person (data protection officer or Privacy Commissioner) keeps track of procedures and deals with specific data protection related requests submitted by the operators and users e.g. with respect to information about personal data, deletion etc. These requests in running operations also may result in the initialisation of the IT-Security Incident Management Process. In addition to the typical model of lifecycles this task does not end with the dissolution of the procedure as possibly longer time spans for deletion of personal data need to be taken care of.  

  3. Monitoring of changes in data protection legislation: Substantial changes require a restart of the cyclic core process. 

  4. Technology monitoring and management, especially with respect to Privacy Enhancing Technologies (PETs): Mature PETs need to be taken into consideration when planning a new procedure or a new version of an existing procedure as they document a change in state-of-the-art of technology.  

  5. Monitoring and management of changes in the Information Security Management System (ISMS) used in the organisation: Fundamental changes in ISMS can mean a change in state-of-the-art of security management and may have an impact on the modelling of the DPM. (Visa versa this is not necessarily the case, change in the DPM may not necessarily result in changes in the ISMS.) 

Summary and Outlook

For data protection management no integrated good practice processes have been suggested so far. Basing on good practice process models for information security management in this chapter a first suggestion for a good practice process for data protection management is introduced and explained. An integration of this process model into the next version of the data protection chapter of the Baseline Protection Catalogues (former Baseline Protection Manual) as a German national extension is planned by the Data Protection Commissioners in Germany, in co-ordination and supported by the German Federal Office for Information Security (BSI). 


Privacy-aware Business Process Design by an Enterprise Privacy Architecture  fidis_wp14_d14.2-study_on_privacy_in_business_processes_by_identity_management-v09_02.sxw  Business Processes and Identity Management
23 / 38