Abstract
GDPR (General Data Protection Regulation) is a new regulation of the European Union that imposes strict privacy constraints on storing, accessing and processing user data, as a way to ensure that personal user data are neither violated nor disclosed without explicit consent. As a consequence, business processes that interact with large amounts of such data may easily cause GDPR violations, due to the typical complexity of such processes. Inspired by these considerations, this paper highlights the challenges and critical aspects associated with the GDPR compliance journey when opting for naïve, straightforward solutions. We propose a business-aware GDPR compliance journey using online process mining. Using several large log files generated based on a real scenario, we show that the proposed tool is both effective and efficient. As such, it proves to be a powerful concept for usage in incremental GDPR compliance environments.