Navigating GDPR Compliance: A Systematic Approach for Software Engineers
Since the introduction of the General Data Protection Regulation (GDPR) in 2018, companies have faced the challenge of integrating data protection requirements into their software development processes, with significant fines at stake. The GDPR affects various phases of the software development lifecycle and places new demands on requirements engineering (requirements management). Enforcement of the GDPR has steadily increased in recent years: in the past year alone, the number of fines rose by 32.4% to a total of 2,086, while the average fine reached EUR 2,142,712, according to the GDPR Enforcement Tracker Report 2024.
The regulation obliges both software developers and software users to implement effective measures to protect personal data. However, regulations such as the GDPR are written in legal language and require additional effort to be translated into concrete requirements. As a result, software engineers find it difficult to derive implementable software requirements from the GDPR. It is particularly challenging to identify the relevant aspects and incorporate them into the specification of the solution architecture.
We are currently investigating the methods for requirements and system specification for GDPR compliance in an ongoing study in the Requirements Engineering competence field in order to support companies in systematizing their processes. In particular, we want to answer the question of which main objectives and aspects the requirements and system specification methods must address in order to ensure compliance with the GDPR.
In cooperation with the Bavarian Center for Software Innovation
The study includes the following activities:
We are looking for companies that would like to analyze their existing requirements and system specification practices for GDPR compliance and streamline them. Their insights will contribute to the development of practical and efficient solutions for compliance with data protection regulations.
Are you interested?
Get in touch with us and actively shape the future of regulatory requirements engineering. Companies participating in the study will be invited to further test the tool support for GDPR compliance that we will develop in the future.
We look forward to your participation!