Privacy and Data Protection should be addressed “by design”, that is since the onset of a system or software project rather than as an afterthought. To realize this precept, engineers need to be aware about three categories of essential knowledge, at least. The first one concerns the typical means to conduct system and software engineering (e.g., MBSE, formal methods), the second one inherits the knowhow related to privacy and data protection (e.g., anonymization, minimization, PETs) and the third one is related to principles and provisions within regulations like GDPR (e.g. lawfulness, transparency, fairness). Mastering referred knowledge categories is critical to honour their tenets and to incorporate the necessary aspects to realize the “by-design” precept.


A highly complex process is needed to integrate wisdom and knowhow related to (1) systems and software engineering, (2) privacy and data protection, and (3) legal provisions. In particular, engineers shall need support regarding the legal provisions, since new regulations, like the General Data Protection Regulation (GDPR), are written in a legal jargon which demands interpretation by experts according to the given context. Our choice is to achieve such integration by leveraging selected techniques already used in systems and software engineering, and then, by respectively incorporating techniques and principles related to privacy and regulations. Following a model-driven perspective, we have developed a framework named PDPbD (Privacy and Data Protection by Design) to provide designers and companies with a tool to create system and software models according to their development cycle, amenable to be enriched and then validated to ensure their conformity w.r.t. allocated requirements.


The PDPbD framework, developed in PDP4E, leverages in particular model-driven engineering techniques and platforms like Papyrus in order to support engineers non-savvy in privacy or GDPR so as to conduct essential tasks during systems and software design. Our approach combines three views namely data-oriented, process-oriented, and architecture. These views are consistently entangled and enriched to ensure a three-fold goal:

  • First, the design models shall be in conformity with the requirements integrating the specificities of GDPR and related privacy concerns. For the conformity to be truly ensured, personal data should be accurately and early identified. This means, for instance, identifying and properly labelling which database fields store personal data, which functions carry out data processing operations, and in which components they are supported by.
  • Secondly, the PDPbD framework should implement algorithms and techniques to facilitate the application of strategies for privacy and data protection according to the different model views. In particular, such techniques should leverage existing wisdom and knowhow in privacy and data protection.
  • Last yet not the least, the design phase should provide confidence about the effectiveness of privacy controls elicited during the risk assessment phase. The design views should help to identify conditions for privacy threats to be activated/deactivated.


    The PDPbD framework is released as a module within the Papyrus relative named Privacy Designer (EPL-2 licence).

    Git repository:

    Update Site for installation:

    Training of the tool:

    For any contact: