A4 Refereed article in a conference publication

The General Data Protection Regulation: Requirements, Architectures, and Constraints




AuthorsKalle Hjerppe, Jukka Ruohonen, Ville Leppänen

EditorsDaniela E. Damian, Anna Perini, Seok-Won Lee

Conference nameIEEE International Requirements Engineering Conference

Publication year2019

JournalInternational Requirements Engineering Conference. Proceedings

Book title Proceedings of 27th IEEE International Requirements Engineering Conference, RE 2019

Series titleInternational Requirements Engineering Conference. Proceedings

Number in series27

First page 265

Last page275

Number of pages11

ISBN978-1-7281-3913-5

ISSN1090-705X

DOIhttps://doi.org/10.1109/RE.2019.00036

Web address https://ieeexplore.ieee.org/document/8920529

Self-archived copy’s web addresshttps://arxiv.org/abs/1907.07498


Abstract

The General Data Protection Regulation (GDPR) in the European Union is the
most famous recently enacted privacy regulation. Despite of the regulation's
legal, political, and technological ramifications, relatively little research
has been carried out for better understanding the GDPR's practical implications
for requirements engineering and software architectures. Building on a grounded
theory approach with close ties to the Finnish software industry, this paper
contributes to the sealing of this gap in previous research. Three questions
are asked and answered in the context of software development organizations.
First, the paper elaborates nine practical constraints under which many small
and medium-sized enterprises (SMEs) often operate when implementing solutions
that address the new regulatory demands. Second, the paper elicits nine
regulatory requirements from the GDPR for software architectures. Third, the
paper presents an implementation for a software architecture that complies both
with the requirements elicited and the constraints elaborated.



Last updated on 2024-26-11 at 15:20