A Formal Modeling Scheme for Analyzing a Software System Design against the GDPR
Date
2019ISBN
978-989-758-375-9Publisher
SCITEPRESS - Science and Technology Publications, LdaPlace of publication
Heraklion, Crete, GreeceSource
Proceedings of the 14th International Conference on Evaluation of Novel Approaches to Software EngineeringGoogle Scholar check
Metadata
Show full item recordAbstract
Since the adoption of the EU General Data Protection Regulation (GDPR) in May 2018, designing software systems that conform to the GDPR principles has become vital. Modeling languages can be a facilitator for this process, following the principles of model-driven development. In this paper, we present our work on the usage of a π-calculus-based language for modeling and reasoning about the GDPR provisions of 1) lawfulness of processing by providing consent, 2) consent withdrawal, and 3) right to erasure. A static analysis method based on type checking is proposed to validate that a model conforms to associated privacy requirements. This is the first step towards a rigorous Privacy-By-Design methodology for analyzing and validating a software system model against the GDPR. A use case is presented to discuss and illustrate the framework.