Navigating GDPR Compliance: A Systematic Approach for Software Engineers

Since the introduction of the General Data Protection Regulation (GDPR) in 2018, companies have been faced with the challenge of integrating data protection requirements into their software development processes - under the risk of significant fines. The GDPR affects various phases of the software development lifecycle and places new demands on requirements engineering (requirements management). The enforcement of GDPR has steadily increased in recent years. In the past year alone, the number of fines rose by 32.4%, totaling 2,086, while the average fine reached EUR 2,142,712, according to the GDPR Enforcement Tracker Report 2024.

The regulation obliges both software developers and software users to implement effective measures to protect personal data. However, regulations such as the GDPR are written in legal jargon and require additional effort to be translated into concrete requirements. For this reason, software engineers find it difficult to derive implementable software requirements from the GDPR. It is particularly challenging to identify the relevant aspects and incorporate them into the specifications of the solution architecture.

We are currently investigating the methods for requirements and system specification for GDPR compliance in an ongoing study in the Requirements Engineering competence field in order to support companies in systematizing their processes. In particular, we want to answer the question of which main objectives and aspects the requirements and system specification methods must address in order to ensure compliance with the GDPR.

In cooperation with the Bavarian Center for Software Innovation

The study includes the following activities:

Interviews to gather data on current requirements and system specification practices (conducted one-on-one, either online or offline, lasting approximately 45–55 minutes).
Hands-on exercises to test our proposed method for requirements and system specification, followed by group discussions and experience sharing on existing methods (group activities conducted online or offline, lasting approximately 1 to 1.5 hours).

Your company can become part of the study!

We are looking for companies that would like to analyze their existing requirements and systems specification practices for GDPR compliance and streamline them. Their insights will contribute to the development of practical and efficient solutions for compliance with data protection regulations.

Are you interested?

Get in touch with us and actively shape the future of regulatory requirements engineering. Companies participating in the study will be invited to further test tool support for GDPR compliance which we will develop in the future.

► Click here to register

We look forward to your participation!

Overview

Process

Time frame: Fall 2024

Duration interviews: ~45-55 minutes

Duration hands-on exercises: ~45-55 minutes

Location: Online/Offline

Target group

Roles involved when handling regulatory requirements and solution specification:

product owners, product managers, requirements engineers, solution architects, data architects, data engineers
legal, compliance, and audit experts with experience in collaborating with technical roles

Your benefits

Access to the latest methods for complying with GDPR regulations
Testing opportunity for future compliance tools
Early access to the latest research findings and a comprehensive overview of practice
Individual analysis of the current state of GDPR practice in your company

Registration for study participation

Please register using the form opposite. We will contact you immediately and provide you with comprehensive information about the next steps.

*Mandatory fields

I consent to my personal data being used in order to receive information from fortiss GmbH to send me information by e-mail. I can revoke my consent at any time. Further information can be found in the Data Protection Policy.

I would like to be informed about current topics and events at fortiss GmbH and receive the fortiss newsletter regularly. I can cancel my registration at any time at the end of the newsletter. Further information can be found in the Data Protection Policy.

Name	Purpose	Lifetime	Type	Provider
_pk_id	Used to store a few details about the user such as the unique visitor ID.	13 months	HTML	Matomo
_pk_ref	Used to store the attribution information, the referrer initially used to visit the website.	6 months	HTML	Matomo
_pk_ses	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_cvar	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo
_pk_hsr	Short lived cookie used to temporarily store data for the visit.	30 minutes	HTML	Matomo

Call for study participation