Legal code and computer code may both seem a set of hardcoded rules, but the former is more than a set of closed rules and needs interpretation which might depend on the context. All those legal aspects shall be operationalized into requirements that can be integrated as first-class citizens in the backlog of the products under development, and which engineers can implement in the products they create.
PDP4E provides a method and tools for the elicitation of privacy-related requirements in systems development projects. Such method takes into account the legal obligations introduced by GDPR and seeks to incorporate them into a development project at the early stages. This approach is mainly inspired by the Problem-based Privacy Analysis (ProPAn). The ProPan method is being extended to be comprehensible enough to the project’s stakeholders and, in particular, to engineers. The requirements management tool for data protection relies upon the Eclipse platform and more specifically upon the Papyrus framework, which is leveraged to support non-privacy savvy engineers during specification, analysis, and elicitation of GDPR-specific requirements.
- Methods and Tools for GDPR Compliance Through Privacy and Data Protection Engineering, April 2018. (Open access)
- PDP4E will build on top of the experience generate by project partners in their participation in the Eclipse Papyrus