GDPR Compliance

Call for study participation

Navigating GDPR Compliance: A Systematic Approach for Software Engineers

Since the introduction of the General Data Protection Regulation (GDPR) in 2018, companies have been faced with the challenge of integrating data protection requirements into their software development processes, at the risk of significant fines. The GDPR affects various phases of the software development lifecycle and places new demands on requirements engineering (requirements management). The enforcement of GDPR has steadily increased in recent years. In the past year alone, the number of fines rose by 32.4%, totaling 2,086, while the average fine reached EUR 2,142,712, according to the GDPR Enforcement Tracker Report 2024.

The regulation obliges both software developers and software users to implement effective measures to protect personal data. However, regulations such as the GDPR are written in legal jargon and require additional effort to be translated into concrete requirements. For this reason, software engineers find it difficult to derive implementable software requirements from the GDPR. It is particularly challenging to identify the relevant aspects and incorporate them into the specifications of the solution architecture.

We are currently investigating the methods for requirements and system specification for GDPR compliance in an ongoing study in the Requirements Engineering competence field in order to support companies in systematizing their processes. In particular, we want to answer the question of which main objectives and aspects the requirements and system specification methods must address in order to ensure compliance with the GDPR.

In cooperation with the Bavarian Center for Software Innovation

The study includes the following activities:

  • Interviews to gather data on current requirements and system specification practices (conducted one-on-one, either online or offline, lasting approximately 45–55 minutes).
  • Hands-on exercises to test our proposed method for requirements and system specification, followed by group discussions and experience sharing on existing methods (group activities conducted online or offline, lasting approximately 1 to 1.5 hours).

Your company can become part of the study!

We are looking for companies that would like to analyze their existing requirements and systems specification practices for GDPR compliance and streamline them. Their insights will contribute to the development of practical and efficient solutions for compliance with data protection regulations.

Are you interested?

Get in touch with us and actively shape the future of regulatory requirements engineering. Companies participating in the study will be invited to further test tool support for GDPR compliance which we will develop in the future.


We look forward to your participation!

Overview

Process

  • Time frame: Fall 2024
  • Duration of interviews: ~45-55 minutes
  • Duration of hands-on exercises: ~45-55 minutes
  • Location: Online/Offline

Target group

Roles involved when handling regulatory requirements and solution specification:

  • product owners, product managers, requirements engineers, solution architects, data architects, data engineers
  • legal, compliance, and audit experts with experience in collaborating with technical roles

Your benefits

  • Access to the latest methods for complying with GDPR regulations
  • Testing opportunity for future compliance tools
  • Early access to the latest research findings and a comprehensive overview of practice
  • Individual analysis of the current state of GDPR practice in your company

Registration for study participation

Please register using the form opposite. We will contact you immediately and provide you with comprehensive information about the next steps.


Your contact

Oleksandr Kosenkov

+49 89 3603522 195
kosenkov@fortiss.org