PDP-ReqLite: A lightweight approach for the elicitation of privacy and data protection requirements - CEA - Commissariat à l’énergie atomique et aux énergies alternatives Accéder directement au contenu
Chapitre D'ouvrage Année : 2020

PDP-ReqLite: A lightweight approach for the elicitation of privacy and data protection requirements

Résumé

With the introduction of the EU General Data Protection Regulation (GDPR), concerns about compliance started to arise among software companies inside and outside Europe. In order to achieve high compliance, software developers must consider those privacy and data protection goals defined across the different legal provisions in the GDPR. Prior work has introduced methods to systematically extract taxonomies of privacy requirements out of the GDPR's legal provisions. That is, a hierarchy of meta-requirements that can be instantiated for each specific software project. Particularly, ProPAn is a requirements elicitation method which leverages such taxonomies with the aim of achieving high levels of compliance. However, despite of its benefits, the method presents a high documentation overhead and redundancy across the artifacts it generates. In this work, we introduce a lightweight method named PDP-ReqLite initially inspired from ProPAn that introduces new artifacts for the documentation of personal data and information flows in a system-to-be. The purpose of PDP-ReqLite is to improve usability and applicability by reducing documentation overhead and complexity, and by introducing means to automate tasks, e.g., automated requirements elicitation. In particular, this improved method provides additional features for incorporating new meta-requirements thus enlarging existing taxonomies.
Fichier principal
Vignette du fichier
A_Lightweight_Problem_Based_Approach_for_Privacy_Requirements_Engineering.pdf (1.18 Mo) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Dates et versions

cea-03264121 , version 1 (17-06-2021)

Identifiants

Citer

Nicolás E. Díaz Ferreyra, Patrick Tessier, Gabriel Pedroza, Maritta Heisel. PDP-ReqLite: A lightweight approach for the elicitation of privacy and data protection requirements. Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM 2020, CBT 2020., pp.161-177, 2020, 978-3-030-66172-4. ⟨10.1007/978-3-030-66172-4_10⟩. ⟨cea-03264121⟩
50 Consultations
195 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More