Automated Consistency of Legal and Software Architecture System Specifications for Data Protection Analysis

Aus SDQ-Institutsseminar
Vortragende(r) Tom Hüller
Vortragstyp Bachelorarbeit
Betreuer(in) Nicolas Boltz
Termin Fr 3. November 2023
Vortragsmodus in Präsenz
Kurzfassung Data breaches exposing personal information mean a significant loss of customer trust and leave companies vulnerable to civil lawsuits. This makes identifying problems in early development phases an important part of keeping software development costs predictable and manageable.

In this thesis, we present approaches that allow system architects to extract legal specifications from artifacts created during system design and analyze them for GDPR compliance. We provide a model transformation between a DFD representation and a GDPR metamodel, which aims to model some of the complex requirements of the GDPR. The transformations work in both directions while keeping additional information to allow the architect to make changes to the system on either the architectural or legal side of the transformation. We provide an analysis tool that is able to identify GDPR violations on the GDPR metamodel, allowing analysis on both sides of the transformation.