A4 Vertaisarvioitu artikkeli konferenssijulkaisussa
The General Data Protection Regulation: Requirements, Architectures, and Constraints
Tekijät: Kalle Hjerppe, Jukka Ruohonen, Ville Leppänen
Toimittaja: Daniela E. Damian, Anna Perini, Seok-Won Lee
Konferenssin vakiintunut nimi: IEEE International Requirements Engineering Conference
Julkaisuvuosi: 2019
Journal: International Requirements Engineering Conference. Proceedings
Kokoomateoksen nimi: Proceedings of 27th IEEE International Requirements Engineering Conference, RE 2019
Sarjan nimi: International Requirements Engineering Conference. Proceedings
Numero sarjassa: 27
Aloitussivu: 265
Lopetussivu: 275
Sivujen määrä: 11
ISBN: 978-1-7281-3913-5
ISSN: 1090-705X
DOI: https://doi.org/10.1109/RE.2019.00036
Verkko-osoite: https://ieeexplore.ieee.org/document/8920529
Rinnakkaistallenteen osoite: https://arxiv.org/abs/1907.07498
The General Data Protection Regulation (GDPR) in the European Union is the
most famous recently enacted privacy regulation. Despite of the regulation's
legal, political, and technological ramifications, relatively little research
has been carried out for better understanding the GDPR's practical implications
for requirements engineering and software architectures. Building on a grounded
theory approach with close ties to the Finnish software industry, this paper
contributes to the sealing of this gap in previous research. Three questions
are asked and answered in the context of software development organizations.
First, the paper elaborates nine practical constraints under which many small
and medium-sized enterprises (SMEs) often operate when implementing solutions
that address the new regulatory demands. Second, the paper elicits nine
regulatory requirements from the GDPR for software architectures. Third, the
paper presents an implementation for a software architecture that complies both
with the requirements elicited and the constraints elaborated.
