Privacy as a Service (PraaS): A Conceptual Model of GDPR to Construct Privacy Services

E.E. Roubtsova*, R. Bosua

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference Article in proceedingAcademicpeer-review


The General Data Protection Regulation (GDPR) requires transparency about the use of personal data. However, what does the transparency mean for an individual? This transparency is an ability of an individual to uniformly fulfill actions stated in the GDPR from checking his/her data usage to erasing data. An individual assumes that these actions are supported by services. Such a uniform aspect ``Privacy as a Service'' is proposed in this paper. The contribution of this work is a conceptual model of the GDPR for designing privacy services. This model has been built by a content coding of key Articles from the GDPR, followed by incremental conceptual modelling and, finally, adopting the business-generic pattern of a contract. With executable protocol models of two privacy services identified from the GDPR we illustrate how to use our conceptual model. This work contributes to a uniform understanding of privacy by design as ``Privacy as a Service''. We discuss the semantic and organizational value of the proposed model.
Original languageEnglish
Title of host publicationInternational Symposium on Business Modeling and Software Design
Subtitle of host publicationBMSD 2021: Business Modeling and Software Design
EditorsBoris Shishkov
Place of PublicationCham
Number of pages20
ISBN (Electronic)978-3-030-79976-2
ISBN (Print)978-3-030-79975-5
Publication statusPublished - Jul 2021
Event11th International Symposium on Business Modeling and Software Design - Sofia, Bulgaria
Duration: 5 Jul 20217 Jul 2021
Conference number: 11

Publication series

SeriesLecture Notes in Business Information Processing


Conference11th International Symposium on Business Modeling and Software Design
Abbreviated titleBMSD 2021
Internet address


  • Business Process Modelling
  • Privacy Aspect
  • Privacy as a Service (PraaS)
  • Conceptual Model
  • Executable Protocol Model
  • General Data Protection Regulation
  • General Data Protection Regulation (GDPR)
  • Business process modelling
  • Executable protocol model
  • Conceptual model
  • Privacy aspect


Dive into the research topics of 'Privacy as a Service (PraaS): A Conceptual Model of GDPR to Construct Privacy Services'. Together they form a unique fingerprint.

Cite this