PDP-ReqLite: A lightweight approach for the elicitation of privacy and data protection requirements - Archive ouverte HAL Access content directly
Book Sections Year : 2020

PDP-ReqLite: A lightweight approach for the elicitation of privacy and data protection requirements

(1) , (2) , (2) , (1)
1
2

Abstract

With the introduction of the EU General Data Protection Regulation (GDPR), concerns about compliance started to arise among software companies inside and outside Europe. In order to achieve high compliance, software developers must consider those privacy and data protection goals defined across the different legal provisions in the GDPR. Prior work has introduced methods to systematically extract taxonomies of privacy requirements out of the GDPR's legal provisions. That is, a hierarchy of meta-requirements that can be instantiated for each specific software project. Particularly, ProPAn is a requirements elicitation method which leverages such taxonomies with the aim of achieving high levels of compliance. However, despite of its benefits, the method presents a high documentation overhead and redundancy across the artifacts it generates. In this work, we introduce a lightweight method named PDP-ReqLite initially inspired from ProPAn that introduces new artifacts for the documentation of personal data and information flows in a system-to-be. The purpose of PDP-ReqLite is to improve usability and applicability by reducing documentation overhead and complexity, and by introducing means to automate tasks, e.g., automated requirements elicitation. In particular, this improved method provides additional features for incorporating new meta-requirements thus enlarging existing taxonomies.
Fichier principal
Vignette du fichier
A_Lightweight_Problem_Based_Approach_for_Privacy_Requirements_Engineering.pdf (1.18 Mo) Télécharger le fichier
Origin : Files produced by the author(s)

Dates and versions

cea-03264121 , version 1 (17-06-2021)

Identifiers

Cite

Nicolás E. Díaz Ferreyra, Patrick Tessier, Gabriel Pedroza, Maritta Heisel. PDP-ReqLite: A lightweight approach for the elicitation of privacy and data protection requirements. Data Privacy Management, Cryptocurrencies and Blockchain Technology. DPM 2020, CBT 2020., pp.161-177, 2020, 978-3-030-66172-4. ⟨10.1007/978-3-030-66172-4_10⟩. ⟨cea-03264121⟩
39 View
89 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More