Legal requirement elicitation, analysis and specification for a data transparency system

Abstract

Within the growing amount of data through new applications, processes and technologies in companies, legal frameworks according to the processing of data become more important. The new General Data Protection Regulation (GDPR) especially has the intention, to strengthen the rights of Data Subjects in transparency (e.g. Art. 12) and self-control (e.g. Art 15–22). This research aims to develop non-functional-requirements (NFR) for a Data Transparency System for the category legal-contractual. Therefore, we follow the requirement engineering process according to Rupp[29]. As a general source for the development, qualitative expert interviews have been carried out. In order to extend our findings and form categories, we also did a systematic literature review and a structured text analysis of the GDPR. In total, we were able to generate 18 NFR and organized them into the categories Purpose, Obligation, Ownership, Procedures and Integrity and Transparency.