Implementing privacy by design (PbD) according to the General Data Protection Regulation (GDPR) is met with a growing number of requirements engineering (RE) approaches. However, the question of which RE method for PbD best fits the goals of organisations remains a challenge. We report our endeavor to close this gap by synthesizing a goal-centric approach for assessing PbD methods. We used a literature review, interviews, and validation with practitioners to achieve the goal of our study. As practitioners do not approach PbD systematically, we suggest that RE methods for PbD should be assessed against organisational goals, rather than process characteristics only. We hope that, when further developed, the goal-centric approach could support the development, selection, and tailoring of RE practices for PbD.