🤖 AI Summary
In process mining, real-world event logs are often inaccessible for sharing due to corporate privacy and confidentiality concerns—distinct from individual data privacy—posing a critical bottleneck for collaborative analysis.
Method: This paper formally defines “confidentiality” for process data and introduces Privacy and Confidentiality Requirements Engineering (PCRE), a methodology integrating stakeholder co-modelling, structured expert interviews, and privacy-enhancing action design. PCRE systematically balances GDPR compliance, protection of business-sensitive information, and analytical utility.
Contribution/Results: Empirical validation across two manufacturing enterprises demonstrates PCRE’s feasibility and reusability in high-sensitivity industrial settings. The framework delivers a practical, requirements-driven paradigm for conducting compliant and analytically viable process data analysis—bridging regulatory adherence with operational relevance in enterprise process intelligence.
📝 Abstract
The application and development of process mining techniques face significant challenges due to the lack of publicly available real-life event logs. One reason for companies to abstain from sharing their data is privacy and confidentiality concerns. Privacy concerns refer to personal data as specified in the GDPR and have been addressed in existing work by providing privacy-preserving techniques for event logs. However, the concept of confidentiality in event logs not pertaining to individuals remains unclear, although such logs might contain a multitude of sensitive business data. This work addresses confidentiality of process data based on the privacy and confidentiality engineering method (PCRE). PCRE interactively explores privacy and confidentiality requirements regarding process data with different stakeholders and defines privacy-preserving actions to address possible concerns. We co-construct and evaluate PCRE based on structured interviews with process analysts in two manufacturing companies. PCRE is generic, hence applicable in different application domains. The goal is to systematically scrutinize process data and balance the trade-off between privacy and utility loss.
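The abstract describes PCRE as eliciting per-attribute requirements from stakeholders and turning them into privacy-preserving actions while watching the utility loss. The following Python is an added illustration of that last step, not code from the paper: it takes a constructed manufacturing event log, an assumed requirements map (the kind of outcome a PCRE interview might produce, chosen here for illustration), applies one action per attribute (keep, pseudonymize, generalize, suppress), and then checks that the directly-follows relation the analyst needs survives the transformation. Attribute names, action names and the sample values are all assumptions.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample event log (not from the paper): one case per production order,
# events listed in chronological order within each case.
EVENT_LOG = [
    {"case": "PO-1001", "activity": "Cut", "timestamp": "2023-05-02T08:15:00",
     "resource": "worker_17", "machine": "CNC-3", "unit_cost": 42.5},
    {"case": "PO-1001", "activity": "Weld", "timestamp": "2023-05-02T09:40:00",
     "resource": "worker_22", "machine": "WLD-1", "unit_cost": 30.0},
    {"case": "PO-1001", "activity": "Inspect", "timestamp": "2023-05-03T07:05:00",
     "resource": "worker_05", "machine": "QA-2", "unit_cost": 12.0},
    {"case": "PO-1002", "activity": "Cut", "timestamp": "2023-05-02T10:20:00",
     "resource": "worker_17", "machine": "CNC-3", "unit_cost": 42.5},
    {"case": "PO-1002", "activity": "Inspect", "timestamp": "2023-05-03T08:30:00",
     "resource": "worker_05", "machine": "QA-2", "unit_cost": 12.0},
]

# Assumed per-attribute requirements (hypothetical result of a stakeholder interview):
# personal data (resource) and case identifiers are pseudonymized, timestamps are
# coarsened to the day, business-sensitive cost data is suppressed entirely.
REQUIREMENTS = {
    "case": "pseudonymize",
    "activity": "keep",
    "timestamp": "generalize",
    "resource": "pseudonymize",
    "machine": "keep",
    "unit_cost": "suppress",
}


def pseudonymize(value: str, key: bytes) -> str:
    """Keyed hash so the mapping is consistent within a release but not
    reproducible by a recipient who lacks the key."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:12]


def generalize_timestamp(ts: str) -> str:
    """Reduce an ISO timestamp to its calendar date."""
    return ts[:10]


def apply_requirements(log, requirements, key: bytes):
    """Produce the releasable log. Attributes without an explicit requirement are
    suppressed, so a newly added column never leaks by default."""
    released = []
    for event in log:
        out = {}
        for attr, value in event.items():
            action = requirements.get(attr, "suppress")
            if action == "keep":
                out[attr] = value
            elif action == "pseudonymize":
                out[attr] = pseudonymize(str(value), key)
            elif action == "generalize":
                out[attr] = generalize_timestamp(value)
            elif action == "suppress":
                continue
            else:
                raise ValueError(f"unknown action {action!r} for attribute {attr!r}")
        released.append(out)
    return released


def directly_follows(log, case_attr="case", act_attr="activity") -> Counter:
    """Count activity pairs that directly follow each other within a case,
    relying on the log's within-case order rather than on (possibly generalized)
    timestamps."""
    per_case = {}
    for event in log:
        per_case.setdefault(event[case_attr], []).append(event[act_attr])
    pairs = Counter()
    for activities in per_case.values():
        pairs.update(zip(activities, activities[1:]))
    return pairs


def utility_preserved(original, released) -> bool:
    """The analyst's stated need here is the control-flow view; check it is intact."""
    return directly_follows(original) == directly_follows(released)


if __name__ == "__main__":
    key = b"constructed-secret-key"  # would come from a key store in practice
    out = apply_requirements(EVENT_LOG, REQUIREMENTS, key)
    for e in out:
        print(e)
    print("utility preserved:", utility_preserved(EVENT_LOG, out))
```

Two points a reviewer of such a release would still raise: a keyed pseudonym keeps events of the same worker linkable across the whole release, which may or may not be acceptable under the elicited requirements, and kept attributes such as `machine` can act as quasi-identifiers when combined, so the requirements review has to consider attribute combinations, not only single columns.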