" DData and software are nowadays one and the same: for this very reason,the European
Union (EU) and other governments introduce frameworks fordata protection — a key example
being the General Data Protection Regula-tion (GDPR). However, GDPR compliance is not straightforward:
its text isnot written by software or information engineers but rather, by lawyers andpolicy-makers.
As a design aid to information engineers aiming for GDPRcompliance, as well as an aid to software users’
understanding of the regu-lation, this article offers a systematic synthesis and discussion of it,
distilledby the mathematical analysis method known as Formal Concept Analysis(FCA). By its principles,
GDPR is synthesized as aconcept lattice, that is,a formal summary of the regulation, featuring 144372 records
— its uses aremanifold. For example, the lattice captures so-calledattribute implications,the implicit
logical relations across the regulation, and their intensity. Theseresults can be used as drivers during
systems and services (re-)design, devel-opment, operation, or information systems’ refactoring
towards more GDPRconsistency. "
Keywords:Privacy-By-Design, GDPR, Formal-Concept Analysis