What's Your Purpose? An Approach to Incorporating GDPR Purposes into Requirements Analysis

Evangelia Vanezi; Georgia Kapitsaki; Anna Philippou

doi:10.5220/0012474400003648

What's Your Purpose? An Approach to Incorporating GDPR Purposes into Requirements Analysis

Evangelia Vanezi, Georgia Kapitsaki, Anna Philippou

2024

Abstract

Protecting personal data within software systems is crucial, and as such, several privacy regulations have been enacted, one being the EU’s General Data Protection Regulation (GDPR). While GDPR emphasizes “Purpose Limitation” for rightful personal data handling, the concept of purpose lacks clarity in software development practices. Building on our previous work on DiálogoP, which supports the definition of formal processing purposes, this study introduces purpose-aware system requirements. We present AnálisisP, a methodology for integrating processing purposes into the software engineering requirements analysis phase and visual representations of these enhanced requirements by extending the Unified Modeling Language (UML) Use Case and Sequence diagrams. We show how our approach enables the integration of AnálisisP with DiálogoP towards formal models whose compliance with processing purposes is rigorously validated. Additionally, we showcase how the proposed extended diagrams assist in addressing further GDPR-related system design queries.

Download

Paper Citation

in Harvard Style

Vanezi E., Kapitsaki G. and Philippou A. (2024). What's Your Purpose? An Approach to Incorporating GDPR Purposes into Requirements Analysis. In Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-683-5, SciTePress, pages 907-914. DOI: 10.5220/0012474400003648

in Bibtex Style

@conference{icissp24,
author={Evangelia Vanezi and Georgia Kapitsaki and Anna Philippou},
title={What's Your Purpose? An Approach to Incorporating GDPR Purposes into Requirements Analysis},
booktitle={Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2024},
pages={907-914},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012474400003648},
isbn={978-989-758-683-5},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 10th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - What's Your Purpose? An Approach to Incorporating GDPR Purposes into Requirements Analysis
SN - 978-989-758-683-5
AU - Vanezi E.
AU - Kapitsaki G.
AU - Philippou A.
PY - 2024
SP - 907
EP - 914
DO - 10.5220/0012474400003648
PB - SciTePress