Exploring Automated GDPR-Compliance in Requirements Engineering: A Systematic Mapping Study

Citation Author(s):
Ghent University
Submitted by:
Abdel-Jaouad Ab...
Last updated:
Sat, 03/06/2021 - 06:14
Data Format:
0 ratings - Please login to submit your rating.


The General Data Protection Regulation (GDPR), adopted in 2018, profoundly impacts information processing organizations as they must comply with this regulation. In this research, we consider GDPR-compliance as a high-level goal in software development that should be addressed at the offset of software development, meaning during requirements engineering (RE). In this work, we hypothesize that Natural Language Processing (NLP) can offer a viable means to automate this process. We conducted a systematic mapping study to explore the existing literature on the intersection of GDPR, RE, and NLP. As a result, we identified 448 relevant studies, of which the majority (420) were related to NLP and RE. Research on the intersection of GDPR and NLP yielded nine studies, while 20 studies were related to GDPR and RE. Even though only one study was identified on the convergence of GDPR, NLP, and RE, the mapping results indicate opportunities for bridging the gap between these fields. In particular, we identified possibilities for introducing NLP techniques to automate manual RE tasks in the crossing of GDPR and RE, in addition to possibilities of using NLP-based machine learning techniques to achieve GDPR-compliance in RE.


The dataset is the result of a systematic mapping study on the general data protection regulation, natural language processing, and requirements engineering. The mapping is captured in the .xlsx file, whereas the .bib file contains all the references. The .xlsx file which contains the mapping follows the structure as outlined in the corresponding paper, "Exploring Automated GDPR-Compliance in Requirements Engineering: A Systematic Mapping Study".