Exploring Automated GDPR-Compliance in Requirements Engineering: A Systematic Mapping Study

The General Data Protection Regulation (GDPR), adopted in 2018, profoundly impacts information processing organizations as they must comply with this regulation. In this research, we consider GDPR-compliance as a high-level goal in software development that should be addressed at the offset of software development, meaning during requirements engineering (RE). In this work, we hypothesize that Natural Language Processing (NLP) can offer a viable means to automate this process. We conducted a systematic mapping study to explore the existing literature on the intersection of GDPR, RE, and NLP. As a result, we identified 448 relevant studies, of which the majority (420) were related to NLP and RE. Research on the intersection of GDPR and NLP yielded nine studies, while 20 studies were related to GDPR and RE. Even though only one study was identified on the convergence of GDPR, NLP, and RE, the mapping results indicate opportunities for bridging the gap between these fields. In particular, we identified possibilities for introducing NLP techniques to automate manual RE tasks in the crossing of GDPR and RE, in addition to possibilities of using NLP-based machine learning techniques to achieve GDPR-compliance in RE.

《通用数据保护条例》（GDPR）自2018年颁布以来，对信息处理组织产生了深远的影响，因为这些组织必须遵守该条例。在本研究中，我们将GDPR合规性视为软件开发中的高级目标，这一目标应在软件开发的初期阶段，即在需求工程（RE）阶段得到解决。在本项工作中，我们假设自然语言处理（NLP）可以提供一种可行的自动化手段。我们进行了一项系统映射研究，以探索GDPR、RE和NLP交叉领域的现有文献。结果，我们确定了448项相关研究，其中大多数（420项）与NLP和RE相关。关于GDPR与NLP交叉领域的研究产生了九项，而与GDPR和RE相关的研究有20项。尽管仅发现一项关于GDPR、NLP和RE融合的研究，但映射结果表明，弥合这些领域之间差距的机会。特别是，我们发现了将NLP技术引入GDPR与RE交叉领域的自动执行手动RE任务的可行性，以及利用基于NLP的机器学习技术实现RE中GDPR合规性的可能性。