Legal code and computer code may both seem a set of hardcoded rules, but the former is more than a set of closed rules and needs interpretation which might depend on the context. All those legal aspects shall be operationalized into requirements that can be integrated as first-class citizens in the backlog of the products under development, and which engineers can implement in the products they create.
WHY REQUIREMENTS ENGINEERING?
In any system or software development project, the elicitation of requirements is one of the key primary steps. However, the typical functional requirements should in addition be completed so as to address the stakes regarding privacy and data protection whenever data are involved, and in particular personal data. This is indeed prescribed by the General Data Protection Regulation (GDPR), enacted by the European Council in 2018. That is the main reason PDP4E implements in its mainstream a method and tool, named PDP4E-Req, to support engineers during the elicitation of requirements integrating GDPR provisions and privacy principles.
Since PDP4E-Req remains an important part of our tool-chain, several features were added in order to ensure its genericity and configurability. In particular, since privacy concerns may appear across different domains, our tool remains domain-agnostic yet still amenable for specialization according to the user needs (e.g., for configuration) and to the specific domain and company context. The tool provides a framework amenable for engineers non-savvy on GDPR or privacy matters. Following a model-driven approach, given a model of a system-to-be, the tool allows automatic generation of requirements to ensure system compliance w.r.t. GDPR provisions.
WHERE TO FIND PDP4E-Req?
PDP4-Req is released as a module within the Papyrus relative named Privacy Designer (EPL-2 licence).
Open Source Git repository: https://git.eclipse.org/c/papyrus/org.eclipse.papyrus-privacydesigner.git/
Training of the tool: https://youtu.be/fCpKXhwtshc