Design Principles for the General Data Protection Regulation

A Formal Concept Analysis and its Evaluation

Damian A. Tamburri

AData and software are nowadays one and the same: for this very reason, the European Union (EU) and other governments introduce frameworks for data protection — a key example being the General Data Protection Regulation (GDPR). However, GDPR compliance is not straightforward: its text is not written by software or information engineers but rather, by lawyers and policy-makers.

Learn More

Research Questions

1. What software design principles enable GDPR-compliance by-design?

"Research question 1 is aimed at distilling any widely applicable laws, guidelines,biases and design considerations reﬂecting the accumulated knowldge and experience garnered through FCA analysis of the regulation; examples of similar design principles are the SOLID object-oriented design principles."

2. Are there any distinguishable levels of design complexity and thus GDPR-compliance?

"Research question 2 is aimed at understanding whether the regulation encapsulates any distinguishable and superimposed levels of design complexity, namely, any sets of concepts and requirements which depend on other requirements which must be satisﬁed ﬁrst; in that case, the regulation would also encapsulate an implicit sequence of design steps which must be undertaken for compliance."

3. What are the most important requirements the GDPR puts forth?

" Furthermore, research question 3 is aimed at understanding whether there exist concepts and requirements in the regulation which are depended upon by most others; these key requirements must be upheld ﬁrst"

4. How do the ﬁndings relate to real-world GDPR compliance cases

"Finally, research question 4 is intended as a reality-check to test the ﬁndings elicited as part of RQs 1-3 against real-life GDPR-compliance examples."