This document summarizes the challenges faced by the organizations to create GDPR-compliant systems, by analysing the context in which those systems are developed from a twofold perspective: the external constraints posed by the said legal text, and the internal settings of the organizations’ processes and the business domain (with focus on two vertical domains of application). Thus, the deliverable includes both a legal analysis of the General Data Protection Regulation (GDPR) with regards to data protection by design, in application since 25th May 2018, and an initial analysis of the associated needs elicited from industry. The interrelation between both dimensions is considered, by reflecting the technical impact of the GDPR and detailing the specific legal challenges faced by the domains considered.

This document provides an overall vision of the functions expected from PDP4E methods and tools, which address several software and systems engineering disciplines where privacy and data protection related activities are to be introduced, namely: Risk Management, Requirements Engineering, Model-Driven Design, and Systems Assurance.

This document comes to provide an overall vision of the requirements that define the PDP4E toolset as a whole. However, methods and tools will be developed to cover each of the aforesaid disciplines in WP3, WP4, WP5 and WP6, each WP producing an individual subsystem that supports the respective discipline. Thus, instead of providing here a detailed description of the specific system requirements for each subsystem, this document delivers a framework of requirements that supports its refinement for the different disciplines in the respective WP, whose deliverables go into the details of their specific requirements.

The objective of this document is to set the scope of the risk management tool to be developed within the PDP4E project. In particular, this document describes the specification of a tool that shall support actors from diverse background in the co-preparation of a plan to reduce data subjects’ risks derived from a data processing system.

This document starts with a high-level description of the background tools to be considered during the development of the PDP4E risk management tool. Then, it describes the set of users involved in a risk management process and their different responsibilities and needs. Next, it includes the requirements elicitation for the PDP4E risk management tool, which is then completed with the description of the use cases.

This document details the contents of the risk management method steps based on LINDDUN and covers the adaptations made in order to ensure that LINDDUN takes into account the GDPR provisions. LINDDUN is a privacy threat modelling methodology integrating 7 main privacy threat categories. In addition, an attempt will be made to asses how LINDDUN threat categories relate to GDPR provisions on data protection principles and data subject rights. The described method will be adapted to the feedback received from stakeholder validation after the first iteration.

This document describes the architecture of the PDP4E framework for elicitation of requirements oriented to privacy and data protection in systems and software projects. The tool architecture supports the method specified in D4.4 which takes into account the legal obligations introduced by the EU General Data Protection Regulation (GDPR). Since the approach is inspired in the Problem-based Privacy Analysis (ProPAn) method, the architecture inherits a subset of its features and implemented modules. The overall architecture is named PDP4E-Req and integrates a subset of requirement taxonomies as defined in ProPan, and also introduces new taxonomies specific to GDPR.

This document describes a method for the elicitation of privacy requirements in systems and software projects. Such method takes into account the legal obligations introduced by the EU General Data Protection Regulation (GDPR) and seeks to incorporate them into the project in the early stages of its development. This approach is inspired in the Problem-based Privacy Analysis method (ProPAn) which was originally developed by researchers at the University of Duisburg Essen (UDE). This method is extended and adapted to the specific needs of PDP4E with additional requirement taxonomies and software artefacts in order to align it to the expectations of the project’s stakeholders and in particular to engineers.

This document is the first specification of the PDP4E framework for Privacy and Data Protection by Design (PDPbD). The architecture is named “PDPbD framework” and is composed by several modules targeting several design goals. Overall, the framework aims to integrate the legal obligations introduced by the EU General Data Protection Regulation (GDPR) into systems and software projects during the design phase. To do so, the designer needs are covered via several modules of the architecture also described in the document. The design flow covers critical phases like the identification of personal data and their linkability, the representation of processes and architectures conveying data at high level, and the validation of privacy-related properties via different strategies and techniques including validation at code level. 

The initial choices taken to implement the PDPbD architecture mainly pursue three goals (1) leverage existing and mature MDE techniques to ease privacy-aware design, (2) support the method for PDPbD specified in the report D5.4, and (3) keep the architecture flexible enough to interoperate with other PDP4E tools and methods, in particular, the frameworks for risk analysis (WP3), requirements engineering (WP4) and assurance process (WP6). Referred flexibility also means that models can be used in both prescriptive mode (e.g., after application of enhancement techniques) and descriptive mode (e.g., to refine or provide more detailed views). The MDE approach is meant to ease the achievement of referred goals.

This document describes a method to support engineers in the goal of achieving Privacy and Data Protection by Design (PDPbD) in systems and software projects. Such method takes into account the legal obligations introduced by the EU General Data Protection Regulation (GDPR) and seeks to incorporate them into the project at early stages. The method is composed by several phases which are also described. The method addresses several concerns related to privacy and data protection at different levels of design. In particular, it covers aspects like the identification of personal data and their linkability, the representation of processes and architectures conveying data at high level, and the validation of privacy-related properties via different strategies and techniques including validation at code level. When achieved, referred validation provides evidence of requirements fulfilment and increases certainty on the properties the system under design should have.

The deliverable D6.1 (Specification and design of assurance tool for data protection and privacy) is the output of the Task 6.2, which falls within the scope of the Assurance discipline which supports the demonstration of compliance with GDPR and the observance of the principle of accountability through systematic capture of evidences, their association to requirements and artefacts, traceability to the GDPR, and argumentation of compliance derived from those evidences.

Methods and tools for assurance (WP6) are highly related to the principle of accountability included in the GDPR (Art. 5.2). In this context of showing compliance, assurance methods can be considered as the “glue” of privacy data protection engineering outcomes, in the sense that the proposed assurance methodology should take into consideration the outcomes from methods and tools for data protection risk management (WP3), methods and tools for data protection requirements engineering (WP4) and methods and tools for data protection modeldriven design (WP5), to be used for assurance purposes.

This document contains the proposed approach for GDPR from the assurance perspective including a methodology and its application. This preliminary description of the methodology for assurance proposed in the context of the PDP4E project, demonstrates how GDPR can be modelled as an assurance reference framework to assure compliance, and how privacy and data protection controls can be modelled as argumentation patterns whose instantiation will provide justified confidence to show such compliance. A detailed example of this approach is also illustrated by modelling parts of the GDPR and a selection of privacy controls. The present document is the result of the first iteration.

More insight will be provided during its validation in the context of PDP4E case studies. Also, the methodology will be improved and cover more areas not considered in this iteration.