PDPReq tool demonstration

1. Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
PDP4E-Req tool
demonstration
Patrick Tessier (CEA)
Gabriel Pedroza (CEA)
Nicolás E. Díaz Ferreyra (UDE)
Maritta Heisel (UDE)
Requirements Engineering Tool and Method
(WP4)

2. 11/06/2021 PDP4E
PDP4E Privacy Req. Engineering Method
Tool
Requirement Information
Deduction
ProPAn Artefacts
PDP Goal
Requirement
Metamodel
Data Protection
Principle
Hansen
Generation of Privacy
Requirement Candidates
Semantic Template
Adjust Privacy
Requirements
Validate Privacy
Requirements
Requirement Information
Privacy Requirement Candidates
Adjusted Privacy Requirements
Validated Privacy Requirements
Method Step
External Input
Internal Input/output
P-DFD
ProPAn
Taxonomy
PDP Metamodel
External Input (new)
X
PDP4E Req
WP4

3. Overall process to elicit GDPR
requirements
Assist Engineers to
manage GDPR
Requirements including
upward and downward
traceability
PDP4E 3
11/06/2021 WP4

4. 1. Specify Functional requirements
Goal: Specify functional requirements focusing on processing activities
Example for Smart Grid
R05-02: Data Scientist shall perform analysis on data available in the data sharing
platform. For example, studying grid response to some events in specific locations.
 PDP4E-Req tool support: Dedicated extension of Papyrus Req
Feature 1: create SysML Requirements
Feature 2: ensure Requirements management including traceability
WP4 PDP4E 4
11/06/2021

5. Functional requirements overview
 Functional requirements model
WP4 PDP4E 5
11/06/2021

6. 2. Transformation into RDFD
• Goal: Functional requirements are translated into RDFD elements:
PDP4E 6
• Data Record Requirement (DRR): Collection of data records (e.g. personal data)
• Data Process Requirement (DPR): Activities that are performed over data records.
• Data Flow Requirement (DFR): Exchange of information between DRR and DPR.
PDP4E-Req tool support: Activity-like Diagram to support RDFD models
Feature 1: dedicated profile implementing GDPR fundamental notions
Feature 2: traceability between RDFDs and functional Requirements ensured
11/06/2021 WP4

7. 2. RDFD model overview
02/12/2019 15 PDP4E 7

8. 2. Transformation into RDFD -
Personal Information Diagram
Goal: Specify data involved in processing activities and relate high-level concepts
which are necessary when analyzing :
Aggregation of data,
Availability of data to different stakeholders,
Classify/separate personal -and non personal- Data
PDP4E-Req tool support: Dedicated Class-like diagram to support PIDs.
Feature 1: dedicated profile based upon GDPR and added privacy notions
Feature 2: stereotype to identify personal (non-personal) data
PDP4E 8
11/06/2021 WP4

9. 2. PID model overview
WP4 PDP4E 9
11/06/2021

10. 3. Validation of RDFD model
 Provide a correct-by-construction RDFD
 Model should be in compliance with GDPR meta-model (and respective provisions)
 Each error/warning raises an alert for the requirement engineer to consider
 For example, for personal data
 Who is the DataSubject?
 Who is the responsible for processing (i.e., the controller)?
PDP4E-Req tool support: Integrated validation at a click of a button
Feature 1: implemented validation rules based on the GDPR profile
Feature 2: rules for model completeness validation (e.g., missing elements)
Feature 3: rules for model correctness validation (e.g., wrong stereotypes)
WP4 PDP4E 10
11/06/2021

11. 3. Validation outcomes overview
WP4 PDP4E 11
11/06/2021
Errors/Warnings and concerned model elements 
Error/warning markers on the model elements 

12. 4. GDPR Requirements
generation
PDP4E 12
 Goal: Generate the GDPR requirements a system should satisfy
 Several categories of requirements can be generated
 According to GDPR principles/aspects: lawfulness, transparency, safeguards
 According to privacy concerns: anonymity, confidentiality
PDP4E-Req tool support: automatic generation of GDPR requirements
 Feature 1: generation based upon GDPR profile
 Feature 2: automatic model structuring to ease requirements exploration
 Feature 3: dedicated package to store generated requirements
 Feature 4: traceability between functional (system-to-be) and GDPR requirements
 Feature 5: interactive help in case model information is missing prior to generation
 Feature 6: dedicated interface to ease upwards and downwards requirement search
11/06/2021 WP4

13. 4. Overview of PDP4E-Req interface
WP4 PDP4E 13
11/06/2021
Selection of GDPR category  GDPR requirements generated 

14. 4. Upwards and downwards
traceability and search
Support for req. engineering tasks:
 Find/show functional Requirements containing GDPR requirements
 Show GDPR requirements structure (as a tree)
 Help to explore and understand GDPR requirements structure (parents, children)
 Model explorer customization to display:
 Sub requirements even if there are not in the same package
 Display the number of GDPR requirements in the sub-tree
 Dedicated view to display set of requirements that should be satisfied.
 Color code: blue for GDPR requirements, black for functional requirements
 Possibility to filter requirements
WP4 PDP4E 14
11/06/2021

15. 4. Upwards and downwards
traceability and search overviews
WP4 PDP4E 15
11/06/2021
Functional and GDPR requirements associated  GDPR Requirements View 

16. Summary of achievements
 PDP4E-Req released as open-source (EPL-2):
https://git.eclipse.org/c/papyrus/org.eclipse.papyrus-privacydesigner.git/
 PDP4E-Req site to facilitate installation:
https://ci.eclipse.org/papyrus/view/privacydesigner/job/privacydesigner-2020-06/
PDP4E-Req implements the methodology for RE targeting PDP:
 DFD for requirements (RDFD)
 Structuration of data and personal data (PID)
 Support for model validation (correctness)
 Automatic generation of GDPR and data protection requirements
 Dedicated GUI to search and navigate into the requirements structure
PDP4E 16
11/06/2021 WP4

17. Acknowledgements
29/06/2021
This project has received funding from the European Union’s Horizon 2020 research and innovation
programme under grant agreement No 787034.
Purpose and IPR Notice: the material in this support has been mostly prepared by CEA in the scope of PDP4E for explanatory
and training purposes. Any partial or full usage of this material in a different context requires written and explicit consent from
the respective partners. The property of the contents herein referred (including methods, tools and trademarks) belongs to the
respective IPR and copyright holders.
PDP4E 17
WP4

18. Methods and Tools for GDPR Compliance through
Privacy and Data
Protection 4 Engineering
For more information, visit:
www.pdp4e-project.org
Thank you for your attention
Questions?
WP Leader: CEA
gabriel.pedroza@cea.fr
patrick.tessier@cea.fr