
Requirements for Legally Compliant Software Based on the GDPR

  • Conference paper
  • On the Move to Meaningful Internet Systems. OTM 2018 Conferences (OTM 2018)

Abstract

We identify 74 generic, reusable technical requirements based on the GDPR that can be applied to software products which process personal data. The requirements can be traced to corresponding articles and recitals of the GDPR and fulfill the key principles of lawfulness and transparency. Therefore, we present an approach to requirements engineering with regard to developing legally compliant software that satisfies the principles of privacy by design, privacy by default as well as security by design.



Corresponding author: Sandra Domenique Ringmann


Copyright information

© 2018 Springer Nature Switzerland AG


Cite this paper

Ringmann, S.D., Langweg, H., Waldvogel, M. (2018). Requirements for Legally Compliant Software Based on the GDPR. In: Panetto, H., Debruyne, C., Proper, H., Ardagna, C., Roman, D., Meersman, R. (eds) On the Move to Meaningful Internet Systems. OTM 2018 Conferences. OTM 2018. Lecture Notes in Computer Science, vol 11230. Springer, Cham. https://doi.org/10.1007/978-3-030-02671-4_15

  • DOI: https://doi.org/10.1007/978-3-030-02671-4_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-02670-7

  • Online ISBN: 978-3-030-02671-4
