A provenance model for the european union general data protection regulation

Benjamin E. Ujcich, Adam Bates, William H. Sanders

Research output: Chapter in Book/Report/Conference proceedingConference contribution


The European Union (EU) General Data Protection Regulation (GDPR) has expanded data privacy regulations regarding personal data for over half a billion EU citizens. Given the regulation’s effectively global scope and its significant penalties for non-compliance, systems that store or process personal data in increasingly complex workflows will need to demonstrate how data were generated and used. In this paper, we analyze the GDPR text to explicitly identify a set of central challenges for GDPR compliance for which data provenance is applicable; we introduce a data provenance model for representing GDPR workflows; and we present design patterns that demonstrate how data provenance can be used realistically to help in verifying GDPR compliance. We also discuss open questions about what will be practically necessary for a provenance-driven system to be suitable under the GDPR.

Original languageEnglish (US)
Title of host publicationProvenance and Annotation of Data and Processes - 7th International Provenance and Annotation Workshop, IPAW 2018, Proceedings
EditorsKhalid Belhajjame, Ashish Gehani, Pinar Alper
Number of pages13
ISBN (Print)9783319983783
StatePublished - 2018
Event7th International Provenance and Annotation Workshop, IPAW 2018 - London, United Kingdom
Duration: Jul 9 2018Jul 10 2018

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume11017 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other7th International Provenance and Annotation Workshop, IPAW 2018
Country/TerritoryUnited Kingdom


  • Compliance
  • Data processing
  • Data provenance
  • Data usage
  • GDPR
  • General Data Protection Regulation
  • Modeling

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)


Dive into the research topics of 'A provenance model for the european union general data protection regulation'. Together they form a unique fingerprint.

Cite this