Research Output
Automating GDPR Compliance Verification for Cloud-hosted Services
  Cloud-hosted business processes require access to customer data to complete a transaction, to improve a customer's on-line experience or provide useful product recommendations. However, privacy concerns associated with the use of this data have led to legal regulations that impose restrictions on how such data is requested or processed by an on-line service, with large penalties for violating these restrictions, e.g. the European General Data Protection Regulation (GDPR). We propose a framework for helping cloud-hosted services automate GDPR compliance checking. The framework comprises three steps: represent data flow in business processes with an appropriate abstraction (timed transition systems), formalise GDPR rules and obligations and incorporate them into the same abstraction, and implement the abstraction in a model checking tool (Uppaal) in order to automatically verify compliance of business process activities with GDPR. We demonstrate the approach using a cloud-based purchase order system.

  • Date:

    25 December 2020

  • Publication Status:


  • Publisher


  • DOI:


  • Cross Ref:


  • Funders:

    Historic Funder (pre-Worktribe)


Barati, M., Rana, O., & Theodorakopoulos, G. (2020). Automating GDPR Compliance Verification for Cloud-hosted Services. In 2020 International Symposium on Networks, Computers and Communications (ISNCC).



timed automaton, business process models, verification, data privacy

Monthly Views:

Available Documents