A Model-Based Framework for Simplified Collaboration of Legal and Software Experts in Data Protection Assessments

The protection of personal data has become an increasingly important issue. Legal norms focused on data protection, such as the GDPR, provide legally binding requirements for systems that process personal data. Article 25 of the GDPR refers to the obligation to Data Protection by Design and Default. This can be achieved by conducting DPLA of the system in the early stages of development and implementing data protection concepts where necessary. This ties in with Article 35, which refers to an obligation to conduct DPLA before the actual processing of data. To aid in conducting continuous DPLA during the design time of software systems, we propose a model-based collaboration framework. This framework not only aids in providing consistent views of the software system for legal experts and software architects but also simplifies communication between both parties. We discuss the overall goals and benefits of such a framework and go into detail about the processes that interact as part of the framework. We also try to align legal concepts with the processes and describe the continuous iterative development using the collaboration framework.