Goal-modeling privacy-by-design patterns for supporting GDPR compliance

The introduction of the European General Data Protection Regulation (GDPR) has imposed obligations on organisations collecting data in the EU. This has been beneficial to citizens due to rights reinforcement achieved as data subjects. However, obligations heavily affected organisations, and their privacy requirements analysts, having issues with interpreting and implementing GDPR principles. This paper proposes visual GDPR Patterns supporting analysts through Privacy-by- Design (PbD) and GDPR compliance analysis. In order to achieve that, we extended a requirements modeling tool, SecTro, which is used to assist analysts in creating visual requirements models. Specifically, we extended SecTro with novel visual GDPR patterns representing GDPR principles. We evaluated the patterns in a healthcare case study. The evaluation results suggest that the GDPR patterns can help analysts in PbD modeling analysis, by representing GDPR principles and considering relevant ready-to-use alternatives, towards achieving GDPR compliance