Skip to Main content Skip to Navigation
Book sections

PDP-ReqLite: A lightweight approach for the elicitation of privacy and data protection requirements

Abstract : With the introduction of the EU General Data Protection Regulation (GDPR), concerns about compliance started to arise among software companies inside and outside Europe. In order to achieve high compliance, software developers must consider those privacy and data protection goals defined across the different legal provisions in the GDPR. Prior work has introduced methods to systematically extract taxonomies of privacy requirements out of the GDPR's legal provisions. That is, a hierarchy of meta-requirements that can be instantiated for each specific software project. Particularly, ProPAn is a requirements elicitation method which leverages such taxonomies with the aim of achieving high levels of compliance. However, despite of its benefits, the method presents a high documentation overhead and redundancy across the artifacts it generates. In this work, we introduce a lightweight method named PDP-ReqLite initially inspired from ProPAn that introduces new artifacts for the documentation of personal data and information flows in a system-to-be. The purpose of PDP-ReqLite is to improve usability and applicability by reducing documentation overhead and complexity, and by introducing means to automate tasks, e.g., automated requirements elicitation. In particular, this improved method provides additional features for incorporating new meta-requirements thus enlarging existing taxonomies.
Complete list of metadata
Contributor : Gabriel Pedroza Connect in order to contact the contributor
Submitted on : Thursday, June 17, 2021 - 11:03:58 PM
Last modification on : Saturday, February 19, 2022 - 3:13:46 AM
Long-term archiving on: : Saturday, September 18, 2021 - 7:04:10 PM


Files produced by the author(s)



Nicolás E. Díaz Ferreyra, Patrick Tessier, Gabriel Pedroza, Maritta Heisel. PDP-ReqLite: A lightweight approach for the elicitation of privacy and data protection requirements. Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM 2020, CBT 2020., pp.161-177, 2020, 978-3-030-66172-4. ⟨10.1007/978-3-030-66172-4_10⟩. ⟨cea-03264121⟩



Record views


Files downloads