Continuous Requirements: An Example Using GDPR

2019 IEEE 27th International Requirements Engineering Conference Workshops (REW) Pub Date : 2019-09-01 DOI:10.1109/REW.2019.00031

Ze Shi Li, Colin M. Werner, Neil A. Ernst

{"title":"Continuous Requirements: An Example Using GDPR","authors":"Ze Shi Li, Colin M. Werner, Neil A. Ernst","doi":"10.1109/REW.2019.00031","DOIUrl":null,"url":null,"abstract":"Recently, a stringent set of privacy regulations, the General Data Protection Regulation (GDPR), was enacted in the European Union, which can be considered a privacy non-functional requirement (NFR). As a result, an organization that collects or processes data from European citizens must adhere to the GDPR. Previous studies have shown that compliance to the GDPR poses a number of challenges, which we have confirmed in our own research. In this paper, we describe our ongoing research collaboration with a startup organization that is adopting the GDPR. In addition, during the course of our research, we found that our industry collaborator, practices continuous integration (CI) like many other organizations. The number of organizations adopting CI has increased since Fowler first published his definition of CI. As such, another aspect of our current research is exploring the effects of CI on privacy NFRs and other NFRs. Finally, we describe a design science approach to iteratively learn about industry challenges in GDPR compliance, NFRs in the context of CI, as well as our ongoing work creating a tool to potentially mitigate observed GDPR compliance challenges.","PeriodicalId":166923,"journal":{"name":"2019 IEEE 27th International Requirements Engineering Conference Workshops (REW)","volume":"17 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE 27th International Requirements Engineering Conference Workshops (REW)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/REW.2019.00031","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Recently, a stringent set of privacy regulations, the General Data Protection Regulation (GDPR), was enacted in the European Union, which can be considered a privacy non-functional requirement (NFR). As a result, an organization that collects or processes data from European citizens must adhere to the GDPR. Previous studies have shown that compliance to the GDPR poses a number of challenges, which we have confirmed in our own research. In this paper, we describe our ongoing research collaboration with a startup organization that is adopting the GDPR. In addition, during the course of our research, we found that our industry collaborator, practices continuous integration (CI) like many other organizations. The number of organizations adopting CI has increased since Fowler first published his definition of CI. As such, another aspect of our current research is exploring the effects of CI on privacy NFRs and other NFRs. Finally, we describe a design science approach to iteratively learn about industry challenges in GDPR compliance, NFRs in the context of CI, as well as our ongoing work creating a tool to potentially mitigate observed GDPR compliance challenges.

查看原文本刊更多论文

持续需求:以GDPR为例

最近，欧盟颁布了一套严格的隐私法规——《通用数据保护条例》(GDPR)，这可以被视为隐私非功能要求(NFR)。因此，收集或处理欧洲公民数据的组织必须遵守GDPR。之前的研究表明，遵守GDPR会带来许多挑战，我们在自己的研究中也证实了这一点。在本文中，我们描述了我们与一家采用GDPR的初创公司正在进行的研究合作。此外，在我们的研究过程中，我们发现我们的行业合作伙伴像许多其他组织一样实践持续集成(CI)。自从Fowler首次发表了他的CI定义以来，采用CI的组织数量有所增加。因此，我们当前研究的另一个方面是探索CI对隐私NFRs和其他NFRs的影响。最后，我们描述了一种设计科学方法，以迭代地了解GDPR合规性方面的行业挑战，CI背景下的NFRs，以及我们正在进行的创建工具的工作，以潜在地减轻观察到的GDPR合规性挑战。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2019 IEEE 27th International Requirements Engineering Conference Workshops (REW)

自引率

0.00%

发文量