“Privacy, Security, Legal and Technology Acceptance Elicited and Consolidated Requirements for a GDPR Compliance Platform”

We are proud to announce that the Defend Team manuscript ICS-01-2020-0002.R1, entitled “Privacy, Security, Legal and Technology Acceptance Elicited and Consolidated Requirements for a GDPR Compliance Platform” has been accepted by the Information and Computer Security Journal – Emerald Publishing. The Ionian University led the Defend Team effort to write the paper.
Below is the abstract of the document.

Purpose: GDPR entered into force in May 2018 for enhancing personal data protection. Even though GDPR leads towards many advantages for the data subjects it turned out to be a significant challenge. Organizations need to implement long and complex changes to become GDPR compliant. Data subjects are empowered with new rights, which however they need to become aware of. GDPR compliance being a challenging matter for the relevant stakeholders calls for a software platform that can support their needs. The aim of the Data govErnance For supportiNg gDpr (DEFeND) EU Project is to deliver such a platform. In this paper, we describe the process, within the DEFeND EU Project, for eliciting and analyzing requirements for such a complex platform.

Design/methodology/approach: The platform needs to satisfy legal and privacy requirements and provide functionalities that data controllers request for supporting GDPR compliance. Further, it needs to satisfy acceptance requirements, for assuring that its users will embrace and use the platform. In this paper, we describe the methodology for eliciting and analyzing requirements for such a complex platform, by analyzing data attained by stakeholders from different sectors.

Findings: Our findings provide the process for the DEFeND platform requirements’ elicitation and an indicative sample of those. We also describe the implementation of a secondary process for consolidating the elicited requirements into a consistent set of platform requirements.

Research/Practical implications: The proposed software engineering methodology and data collection tools (i.e., questionnaires) are expected to have significant impact for software engineers in the academia and industry.

Social implications: It is reported repeatedly that data controllers face difficulties in complying with the GDPR. Our work aims to offer mechanisms and tools that can assist organizations to comply with the GDPR, thus offering significant boost towards the European personal data protection objectives.

Originality/value: This is the first paper to provide software requirements for a GDPR compliance platform, including multiple perspectives.

Keywords: GDPR, compliance, software requirements, prioritization, consolidation.

For more information about the Information and Computer Security Journal – Emerald Publishing visit the following link.