Privacy and security of electronic data which is increasingly generated and used in our society (e.g., electronic health records, financial data, demographics and administrative data used in eGoverment) is becoming a serious and urgent issue nowadays. Data protection legislation in the EU imposes very stringent requirements on the collection, processing and disclosure of personal data as well as empowers users to control the access and usage of their data. Furthermore, IT systems operate in unpredictable environments, where different individuals access services and devices in different capacities. In contrast, the current security and data protection mechanisms are very rigid. The basic notion of enforcement relies on the idea that infringements (i.e., deviations from policies and procedures) are violations and as such should not be permitted. Moreover, current security mechanisms neglect the existence of business processes and do not take advantage of the opportunity to analyze the event logs and business processes to support the IT system in the security decision-making process.