KIT | KIT-Bibliothek | Impressum | Datenschutz

A Model-Based Framework for Simplified Collaboration of Legal and Software Experts in Data Protection Assessments

Boltz, Nicolas 1; Sterz, Leonie 1; Gerking, Christopher ORCID iD icon 1; Raabe, Oliver 2
1 Institut für Informationssicherheit und Verlässlichkeit (KASTEL), Karlsruher Institut für Technologie (KIT)
2 Institut für Informations- und Wirtschaftsrecht (IIWR), Karlsruher Institut für Technologie (KIT)


The protection of personal data has become an increasingly important issue. Legal norms focused on data protection, such as the GDPR, provide legally binding requirements for systems that process personal data. Article 25 of the GDPR refers to the obligation to Data Protection by Design and Default. This can be achieved by conducting DPLA of the system in the early stages of development and implementing data protection concepts where necessary. This ties in with Article 35, which refers to an obligation to conduct DPLA before the actual processing of data. To aid in conducting continuous DPLA during the design time of software systems, we propose a model-based collaboration framework. This framework not only aids in providing consistent views of the software system for legal experts and software architects but also simplifies communication between both parties. We discuss the overall goals and benefits of such a framework and go into detail about the processes that interact as part of the framework. We also try to align legal concepts with the processes and describe the continuous iterative development using the collaboration framework.

Verlagsausgabe §
DOI: 10.5445/IR/1000152047
Veröffentlicht am 31.10.2022
Cover der Publikation
Zugehörige Institution(en) am KIT Institut für Informationssicherheit und Verlässlichkeit (KASTEL)
Institut für Informations- und Wirtschaftsrecht (IIWR)
Publikationstyp Proceedingsbeitrag
Publikationsjahr 2022
Sprache Englisch
Identifikator ISBN: 978-3-88579-720-3
ISSN: 1617-5468
KITopen-ID: 1000152047
HGF-Programm 46.23.03 (POF IV, LK 01) Engineering Security for Mobility Systems
Erschienen in INFORMATIK 2022, Lecture Notes in Informatics (LNI), Gesellschaft für Informatik. Ed.: D. Demmler
Veranstaltung INFORMATIK 2022 - Jahrestagung der Gesellschaft für Informatik (2022), Hamburg, Deutschland, 26.09.2022 – 30.09.2022
Verlag Gesellschaft für Informatik (GI)
Seiten 521-532
Serie Lecture Notes in Informatics (LNI) - Proceedings ; P-326
Vorab online veröffentlicht am 28.09.2022
Schlagwörter data protection by design, legal assessment, GDPR, software architecture, metamodel, design time
Nachgewiesen in Scopus
KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft
KITopen Landing Page