Do you know how GDPR will change the way that you develop? Did you know that it is not just lawyer stuff? (Tip: GDPR is short for "that European law for personal data privacy I'm being spammed about.")
This workshop will address the relation between GDPR and software engineering activities, e.g. requirements engineering, risk management, model-driven design, and software assurance. If you are a software/services/systems analyst, designer, architect, QA, or DevOps engineer, or you work as a technical lead, product owner or project manager with a technical flavour, you may be interested in this workshop.
The workshop is organized by PDP4E, an Innovation Action funded by the EU Horizon 2020 Programme, which will support developers and engineers in the introduction of privacy and data protection in their products, by providing a set of methods and tools that seamlessly integrate privacy and data protection issues in the usual software/systems engineering workflow. These tools will help engineers provide a systematic response to questions like these:
- How does the GDPR translate into backlog items? Are the rights of the users being appropriately addressed?
- What are the specific privacy threats faced by a complex system? (e.g. when multiple service providers are involved) How do we know if we are facing unknown privacy risks or threats?
- What are the technical measures that can be applied in each case to address them? Which are the best choices?
- How can we trace whether privacy requirements are being met by our system? How do we track evidence that we are abiding by such requirements?
- How can we exploit data which has not been acquired from the data subject?
- And how does all this relate to other legal obligations of transparency? (e.g. to avoid money laundering in financial services, etc.)
- What happens if a user wants to enforce their rights (e.g. access, portability), shall I slit open my databases and reveal the results of my witty risk-balancing algorithms?
This GDPR workshop will provide hints on how you can leverage common engineering artifacts (e.g. backlogs, business-process models, domain models, workflows, database models, dataflow models, etc.) to address privacy and data protection issues. But we also want to hear your voice, and take it into account in the tools we are creating:
- When developing, do you take privacy and personal data protection into account? How do you approach privacy and data protection (if any)? Are you aware of the practical implications of GDPR?
- What difficulties do you encounter in appropriately protecting personal data? Do you feel confident enough to know whether you are properly addressing that? Do you have tool support for this? When do you introduce data protection in your engineering workflow? (e.g. at which stage/activities: requirements? validation? operation?)
- Do you think it is relevant? (Why? Or maybe only sometimes? Or 'not for my system'?) Do you know whether your systems deal with personal data? (Do you know what is strictly personal data?)
PDP4E is being developed by a consortium of academics and industry partners, including several Eclipse Members (CA Technologies, CEA Tech - LIST, Tecnalia Research and Innovation) as well as leading contributors of several open-source projects. In particular, the following Eclipse projects are relevant to PDP4E, and the results of PDP4E are planned to be contributed there:
- A modelling environment that enables model-based design, simulation, analysis, formal testing, etc.; which supports most mainstream modelling standards (e.g. UML, BPMN, etc.), and allows defining domain-specific modelling languages (DSLs). Additional tools created around Papyrus will be leveraged as well, e.g. Eclipse Safety Framework (Sophia), Papyrus for Requirements, etc.
- A customizable safety assurance and certification tool environment, which supports standards & regulations information management, assurance “project” management, compliance management, and modular and incremental certification.
This workshop is organized by the PDP4E Innovation Action (Methods and tools for GDPR compliance through Privacy and Data Protection Engineering). This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 787034.