In order to ensure that privacy by design and data protection are effectively enforced in systems development, those aspects shall be included in the tools engineers use every day, rather than forcing them to learn to use tools that are alien to them. Thus, PDP4E will innovate in evolving previously existent mainstream system engineering tools which cover the main disciplines of the SDLC, viz. risk management (MUSA DST), requirements management (Papyrus 4 Req), design and modelling (Papyrus) and assurance (OpenCert); and introducing data protection enabling functionalities to these tools which assist in dealing with e.g. data protection impact assessments, data protection principles, data subjects’ rights, obligations of controllers and processors, accountability, etc.
The resulting software toolset will allow engineers to seamlessly use the same tools they are already familiar with, in order to create systems that comply with GDPR.

Likewise, the successful adoption of privacy and data protection activities by engineers, entails their integration within the workflows they usually follow, rather than being considered as unconnected activities.
Thus, PDP4E will innovate in adapting data protection methods previously formulated by the partners (LINDDUN, PRIPARE, PROPAN, UML4PF), integrating the current work on standards and methods (e.g. OASIS PMRM, ISO 29134, ISO 27550), and aligning them with mainstream methods of SDLC and specializing them to operationalize GDPR compliance (foreground) . The tasks and concepts defined by such methods will be supported by the functions provided by the toolset developed in the objective O1).

Despite the important role privacy and data protection experts will keep, engineers will not be able to properly apply data protection methods in their daily work unless they are have a readily available body of knowledge with the wisdom amassed by data protection community of practice and research, and which is represented in terms compatible with their mind-set.
Thus, PDP4E will deliver with their methods and tools a set of knowledge bases (operational data protection requirements; data protection risks, threats and solutions; privacy patterns; assurance reference frameworks) which distil the existing knowledge in the field, providing engineers with guidance and supporting them with knowledge at hand they can use during the engineering activities. Such knowledge bases will be integrated within the toolset, and can be updated according the developments in the state of the art.

PDP4E will release most of its outcomes through open licenses; in particular, an open-source version of the software toolset will be released under the EPL (Eclipse Public License) and published and hosted by the Eclipse Foundation. To promote adaptation, an MDE approach will be followed to provide adaptability, flexibility and interoperability of the tools developed. PDP4E toolset will also adopt standard interchange formats, well-defined and documented APIs, and a modular architecture that fosters reusability and integration.

PDP4E will involve different stakeholders since the earliest stages, both to capture requirements and to validate the project results, so as to ensure that the results respond to the widest range of engineers. On the one hand, the wide community of developers hosted by Eclipse will be targeted to address their needs; on the other hand, market constraints of two specific application domains will be tackled. Besides, PDP4E will nurture the existent privacy engineering community, by raising the activities of the Internet Privacy Engineering Network (IPEN), which it aims to advance for the creation of an Alliance for Privacy and Data Protection Engineering beyond the project lifetime. PDP4E will also contribute with its results to standardization activities.

In order to validate the outcomes of PDP4E, they will be applied by software and system engineers to introduce data protection issues in the SDLC activities of products they are creating. Such products are not ad hoc developments for PDP4E, but exist outside the project in real development scenarios, where the engineers will employ our methods and tools to deal with data protection aspects. Two demonstration pilots will be tackled, led by project partners: one dealing with fintech applications and services, and the other with big data on smart grid, both areas with intensive, novel use of personal data which poses specific problems, and with relevant sectoral-regulation. These pilots will be used both to capture the user needs for the project and to validate the intermediate and final results (and get feedback in the first case).