Requirements for Legally Compliant Software Based on the GDPR

Ringmann, Sandra Domenique; Langweg, Hanno; Waldvogel, Marcel

doi:10.1007/978-3-030-02671-4_15

Cited by 13 publications

(13 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These are marked with a dagger ( †) in the Reference list. We excluded papers that discuss and compare existing PbD principles [22,70,85,120,121,128] as well as those that refine or operationalize PbD principles [6, 10, 19, 26, 37, 41-43, 50, 52, 91, 92, 139, 140, 143], but added the PbD principles they reference to our sample.…”

Section: Privacy By Designmentioning

confidence: 99%

Understanding Online Privacy—A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines

Barth

Hartel

2022

ACM Comput. Surv.

View full text Add to dashboard Cite

Privacy visualizations help users understand the privacy implications of using an online service. Privacy by Design guidelines provide generally accepted privacy standards for developers of online services. To obtain a comprehensive understanding of online privacy, we review established approaches, distill a unified list of 15 privacy attributes and rank them based on perceived importance by users and privacy experts. We then discuss similarities, explain notable differences, and examine trends in terms of the attributes covered. Finally, we show how our results provide a foundation for user-centric privacy visualizations, inspire best practices for developers, and give structure to privacy policies.

show abstract

Section: Privacy By Designmentioning

confidence: 99%

Understanding Online Privacy—A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines

Barth

Hartel

2022

ACM Comput. Surv.

View full text Add to dashboard Cite

show abstract

“…Moreover, Robol, Salnitri and Giorgini [15] propose a method to support the design of GDPR-compliant systems based on a socio-technical approach composed of a modeling language and a reasoning framework. Furthermore, Ringmann, Langweg and Waldvogel [16] present a proposal of generic reusable technical requirements for the software development process that satisfies the key principles of the GDPR.…”

Section: Natural Language Processingmentioning

confidence: 99%

“…GDPR, RE [16] An approach to requirements engineering with regard to developing GDPR compliant software. research question 1 of Section III-A.…”

Section: Gdpr Rementioning

confidence: 99%

Exploring Automated GDPR-Compliance in Requirements Engineering: A Systematic Mapping Study

2021

View full text Add to dashboard Cite

The General Data Protection Regulation (GDPR), adopted in 2018, profoundly impacts information processing organizations as they must comply with this regulation. In this research, we consider GDPR-compliance as a high-level goal in software development that should be addressed at the outset of software development, meaning during requirements engineering (RE). In this work, we hypothesize that natural language processing (NLP) can offer a viable means to automate this process. We conducted a systematic mapping study to explore the existing literature on the intersection of GDPR, NLP, and RE. As a result, we identified 448 relevant studies, of which the majority (420) were related to NLP and RE. Research on the intersection of GDPR and NLP yielded nine studies, while 20 studies were related to GDPR and RE. Even though only one study was identified on the convergence of GDPR, NLP, and RE, the mapping results indicate opportunities for bridging the gap between these fields. In particular, we identified possibilities for introducing NLP techniques to automate manual RE tasks in the crossing of GDPR and RE, in addition to possibilities of using NLP-based machine learning techniques to achieve GDPR-compliance in RE.

show abstract

“…These points extend to academic research. Although some previous work has been done on eliciting requirements from the GDPR [3], [4], the understanding of the regulation's full scope is still in its infancy. Thus, there is a clear need for a hands-on demonstration on how the GDPR's regulatory demands are implemented in the contemporary software industry.…”

Section: Introductionmentioning

confidence: 99%

The General Data Protection Regulation: Requirements, Architectures, and Constraints

Hjerppe¹,

Ruohonen

Leppänen

2019

2019 IEEE 27th International Requirements Engineering Conference (RE)

View full text Add to dashboard Cite

The General Data Protection Regulation (GDPR) in the European Union is the most famous recently enacted privacy regulation. Despite of the regulation's legal, political, and technological ramifications, relatively little research has been carried out for better understanding the GDPR's practical implications for requirements engineering and software architectures. Building on a grounded theory approach with close ties to the Finnish software industry, this paper contributes to the sealing of this gap in previous research. Three questions are asked and answered in the context of software development organizations. First, the paper elaborates nine practical constraints under which many small and medium-sized enterprises (SMEs) often operate when implementing solutions that address the new regulatory demands. Second, the paper elicits nine regulatory requirements from the GDPR for software architectures. Third, the paper presents an implementation for a software architecture that complies both with the requirements elicited and the constraints elaborated.

show abstract

Requirements for Legally Compliant Software Based on the GDPR

Cited by 13 publications

References 13 publications

Understanding Online Privacy—A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines

Understanding Online Privacy—A Systematic Review of Privacy Visualizations and Privacy by Design Guidelines

Exploring Automated GDPR-Compliance in Requirements Engineering: A Systematic Mapping Study

The General Data Protection Regulation: Requirements, Architectures, and Constraints

Contact Info

Product

Resources

About