Specification of Personal Data Protection Requirements - Analysis of Legal Requirements from the GDPR Regulation

Mário Fernandes, Alberto Rodrigues Silva, António Gonçalves

Abstract

The European Union establishes in Regulation 2016/679, the GDPR (General Data Protection Regulation), a set of legal provisions to protect natural persons with regard to the processing of personal data and the free movement of such data. When those provisions are considered in the development of information systems, the latter become eligible for legal approval within that scope. This paper presents the methodology we are following to elaborate a reusable catalogue of personal data protection requirements aligned with the GDPR. Following a separation-of-concerns approach, the catalogue shall serve the purpose of constructing information systems able to communicate with those that process individuals’ personal data, to materialize the regulatory data protection capabilities laid down in the GDPR. In that context, the elicitation of system requirements demands the interpretation of a legal document by business analysts, which is a scientifically relevant challenge. This research is contextualized by the RSLingo initiative, a model-driven requirements engineering approach for the rigorous specification of system requirements. In particular, this paper discusses the GDPR’s requirements defined as a catalogue of both business goals and system goals.



Paper Citation


in Harvard Style

Fernandes M., Rodrigues Silva A. and Gonçalves A. (2018). Specification of Personal Data Protection Requirements - Analysis of Legal Requirements from the GDPR Regulation. In Proceedings of the 20th International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-298-1, pages 398-405. DOI: 10.5220/0006810603980405


in Bibtex Style

@conference{iceis18,
author={Mário Fernandes and Alberto Rodrigues Silva and António Gonçalves},
title={Specification of Personal Data Protection Requirements - Analysis of Legal Requirements from the GDPR Regulation},
booktitle={Proceedings of the 20th International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2018},
pages={398-405},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006810603980405},
isbn={978-989-758-298-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 20th International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - Specification of Personal Data Protection Requirements - Analysis of Legal Requirements from the GDPR Regulation
SN - 978-989-758-298-1
AU - Fernandes M.
AU - Rodrigues Silva A.
AU - Gonçalves A.
PY - 2018
SP - 398
EP - 405
DO - 10.5220/0006810603980405