RESEARCH ON ERROR PROBABILITY ASSESSMENT IN USER PERSONAL DATA PROCESSING IN GDPR-COMPLIANT BUSINESS PROCESS MODELS

The only right strategy for businesses and government organizations in Ukraine and other countries that may face aggression is to recognize themselves as a potential target for cyberattacks by the aggressor (both by its government agencies and related cybercriminal groups) and take appropriate measures in accordance with the European Union’s General Data Protection Regulation (GDPR). The main purpose of the GDPR is to regulate the rights to personal data protection and to protect EU citizens from data leaks and breaches of confidentiality, which is especially important in today’s digital world, where the processing and exchange of personal data are integral parts of almost every business process. Therefore, the GDPR encourages organizations to transform their day-to-day business processes that are involved in managing, storing, and sharing customers’ personal data during execution. Thus, business process models created in accordance with the GDPR regulations must be of high quality, just like any other business process models, and the probability of errors in them must be minimal. This is especially important with regard to the observance of human rights to personal data protection, since low-quality models can become sources of errors, which, in turn, can lead to a breach of confidentiality and data leakage of business process participants. This paper analyzes recent research and publications, proposes a method for analyzing business process models that ensure compliance with the GDPR regulations, and tests its performance based on the analysis of BPMN models of business processes for obtaining consent to data processing and withdrawal of consent to user data processing. As a result, the probability of errors in the considered business process models was obtained, which suggests the possibility of confidentiality violations and data leaks of the participants of the considered business processes associated with these errors, and appropriate recommendations were made.