Direct Style Effect Systems -The Print[A] Example- A Comprehension Aid
Wp4 tool demonstration_v1
1. Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
PDP4E-Req tool
demonstration
Patrick Tessier (CEA)
Gabriel Pedroza (CEA)
Nicolás E. Díaz Ferreyra (UDE)
Maritta Heisel (UDE)
Requirements Engineering Tool and Method
(WP4)
3. Overall process to elicit GDPR
requirements
Assist Engineers to
manage GDPR
Requirements including
upward and downward
traceability
PDP4E 3
11/06/2021 WP4
4. 1. Specify Functional requirements
Goal: Specify functional requirements focusing on processing activities
Example for Smart Grid
R05-02: Data Scientist shall perform analysis on data available in the data sharing
platform. For example, studying grid response to some events in specific locations.
PDP4E-Req tool support: Dedicated extension of Papyrus Req
Feature 1: create SysML Requirements
Feature 2: ensure Requirements management including traceability
WP4 PDP4E 4
11/06/2021
6. 2. Transformation into RDFD
• Goal: Functional requirements are translated into RDFD elements:
PDP4E 6
• Data Record Requirement (DRR): Collection of data records (e.g. personal data)
• Data Process Requirement (DPR): Activities that are performed over data records.
• Data Flow Requirement (DFR): Exchange of information between DRR and DPR.
PDP4E-Req tool support: Activity-like Diagram to support RDFD models
Feature 1: dedicated profile implementing GDPR fundamental notions
Feature 2: traceability between RDFDs and functional Requirements ensured
11/06/2021 WP4
8. 2. Transformation into RDFD -
Personal Information Diagram
Goal: Specify data involved in processing activities and relate high-level concepts
which are necessary when analyzing :
Aggregation of data,
Availability of data to different stakeholders,
Classify/separate personal -and non personal- Data
PDP4E-Req tool support: Dedicated Class-like diagram to support PIDs.
Feature 1: dedicated profile based upon GDPR and added privacy notions
Feature 2: stereotype to identify personal (non-personal) data
PDP4E 8
11/06/2021 WP4
10. 3. Validation of RDFD model
Provide a correct-by-construction RDFD
Model should be in compliance with GDPR meta-model (and respective provisions)
Each error/warning raises an alert for the requirement engineer to consider
For example, for personal data
Who is the DataSubject?
Who is the responsible for processing (i.e., the controller)?
PDP4E-Req tool support: Integrated validation at a click of a button
Feature 1: implemented validation rules based on the GDPR profile
Feature 2: rules for model completeness validation (e.g., missing elements)
Feature 3: rules for model correctness validation (e.g., wrong stereotypes)
WP4 PDP4E 10
11/06/2021
11. 3. Validation outcomes overview
WP4 PDP4E 11
11/06/2021
Errors/Warnings and concerned model elements
Error/warning markers on the model elements
12. 4. GDPR Requirements
generation
PDP4E 12
Goal: Generate the GDPR requirements a system should satisfy
Several categories of requirements can be generated
According to GDPR principles/aspects: lawfulness, transparency, safeguards
According to privacy concerns: anonymity, confidentiality
PDP4E-Req tool support: automatic generation of GDPR requirements
Feature 1: generation based upon GDPR profile
Feature 2: automatic model structuring to ease requirements exploration
Feature 3: dedicated package to store generated requirements
Feature 4: traceability between functional (system-to-be) and GDPR requirements
Feature 5: interactive help in case model information is missing prior to generation
Feature 6: dedicated interface to ease upwards and downwards requirement search
11/06/2021 WP4
13. 4. Overview of PDP4E-Req interface
WP4 PDP4E 13
11/06/2021
Selection of GDPR category GDPR requirements generated
14. 4. Upwards and downwards
traceability and search
Support for req. engineering tasks:
Find/show functional Requirements containing GDPR requirements
Show GDPR requirements structure (as a tree)
Help to explore and understand GDPR requirements structure (parents, children)
Model explorer customization to display:
Sub requirements even if there are not in the same package
Display the number of GDPR requirements in the sub-tree
Dedicated view to display set of requirements that should be satisfied.
Color code: blue for GDPR requirements, black for functional requirements
Possibility to filter requirements
WP4 PDP4E 14
11/06/2021
15. 4. Upwards and downwards
traceability and search overviews
WP4 PDP4E 15
11/06/2021
Functional and GDPR requirements associated GDPR Requirements View
16. Summary of achievements
PDP4E-Req released as open-source (EPL-2):
https://git.eclipse.org/c/papyrus/org.eclipse.papyrus-privacydesigner.git/
PDP4E-Req site to facilitate installation:
https://ci.eclipse.org/papyrus/view/privacydesigner/job/privacydesigner-2020-06/
PDP4E-Req implements the methodology for RE targeting PDP:
DFD for requirements (RDFD)
Structuration of data and personal data (PID)
Support for model validation (correctness)
Automatic generation of GDPR and data protection requirements
Dedicated GUI to search and navigate into the requirements structure
PDP4E 16
11/06/2021 WP4
17. Acknowledgements
29/06/2021
This project has received funding from the European Union’s Horizon 2020 research and innovation
programme under grant agreement No 787034.
Purpose and IPR Notice: the material in this support has been mostly prepared by CEA in the scope of PDP4E for explanatory
and training purposes. Any partial or full usage of this material in a different context requires written and explicit consent from
the respective partners. The property of the contents herein referred (including methods, tools and trademarks) belongs to the
respective IPR and copyright holders.
PDP4E 17
WP4
18. Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
For more information, visit:
www.pdp4e-project.org
Thank you for your attention
Questions?
WP Leader: CEA
gabriel.pedroza@cea.fr
patrick.tessier@cea.fr