Abstract

The General Data Protection Regulation (GDPR), adopted in 2018, profoundly impacts information processing organizations as they must comply with this regulation. In this research, we consider GDPR-compliance as a high-level goal in software development that should be addressed at the outset of software development, meaning during requirements engineering (RE). In this work, we hypothesize that natural language processing (NLP) can offer a viable means to automate this process. We conducted a systematic mapping study to explore the existing literature on the intersection of GDPR, NLP, and RE. As a result, we identified 448 relevant studies, of which the majority (420) were related to NLP and RE. Research on the intersection of GDPR and NLP yielded nine studies, while 20 studies were related to GDPR and RE. Even though only one study was identified on the convergence of GDPR, NLP, and RE, the mapping results indicate opportunities for bridging the gap between these fields. In particular, we identified possibilities for introducing NLP techniques to automate manual RE tasks in the crossing of GDPR and RE, in addition to possibilities of using NLP-based machine learning techniques to achieve GDPR-compliance in RE.

Highlights

  • As of 25 May 2018, the General Data Protection Regulation (GDPR) came into effect to protect the processing of personal data and to endeavor to assure the rights of data subjects [1]

  • The final list of retrieved studies and outcome of this systematic mapping study can be found at the following repository: https://aberkane.github.io/SMS_GDPR-NLP-RE

  • The majority of these studies—420 studies—were allocated to the study domain of RQ1, which centers around NLP and RE


Summary

Introduction

As of 25 May 2018, the General Data Protection Regulation (GDPR) came into effect to protect the processing of personal data and to endeavor to assure the rights of data subjects [1]. It is imperative for organizations to consider GDPR-compliance at the outset of developing information systems. For this reason, the GDPR urges organizations to meet, in particular, the principles of data protection by design and data protection by default. By addressing data protection considerations, as decreed by the GDPR, in the development process of software systems, organizations ensure awareness of the regulations among involved professionals and avoid haphazardness in designing the software system. The GDPR defines seven principles related to personal data processing: lawfulness, fairness and transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; and accountability. These principles yield the following data subject rights: right of access, right to be informed, right
