Guidelines adopted by agile teams in privacy requirements elicitation after the Brazilian general data protection law (LGPD) implementation

Canedo, Edna Dias; Calazans, Angélica Toffano Seidel; Bandeira, Ian Nery; Costa, Pedro Henrique Teixeira; Masson, Eloisa Toffano Seidel

doi:10.1007/s00766-022-00391-7

Cited by 9 publications

(5 citation statements)

References 71 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Doe [74] shows a general discussion on the implementation of GDPR in the EU. Cordeiro [75] for Portugal, Mitrou [76] for Greece, Faifr and Januska [77] for the Czech Republic and Canedo et al [78] discuss the implementation of the LGPD in Brazil.…”

Section: G Rq4 -Challenges and Enablers For Miscellaneous Category (M...mentioning

confidence: 99%

Challenges and Enablers for GDPR Compliance: Systematic Literature Review and Future Research Directions

Zaguir,

de Magalhães,

de Mesquita Spinola

2024

IEEE Access

View full text Add to dashboard Cite

Compliance with the General Data Protection Regulation (GDPR) or related laws by organizations could require organizational and technological changes. This topic has gained significant attention from management and scholars alike. Although the literature presents some reviews and research articles discussing challenges and enablers for GDPR compliance, they are often scattered and fragmented. One particular challenge is the implementation roadmap gap that arises when using ISO-based standards for compliance in isolation. On the other hand, as enablers for compliance, it raises the potential use of information governance (IG) and enterprise architecture management (EAM) disciplines. This research aims to provide a systematic literature review of the challenges and enablers for GDPR compliance and address this gap. The findings include a categorized list of challenges and enablers, a strategy for bridging the roadmap gap using IG and EAM, and the development of five propositions based on some challenges and enablers around this gap. Moreover, the study proposes a research agenda that includes conceptual work to build an IG-EAM framework, empirical research to verify those propositions, and developing new hypotheses stemming from the review's challenges and enablers. These contributions could enhance both the body of knowledge and managerial privacy practices.

show abstract

Section: G Rq4 -Challenges and Enablers For Miscellaneous Category (M...mentioning

confidence: 99%

Challenges and Enablers for GDPR Compliance: Systematic Literature Review and Future Research Directions

Zaguir,

de Magalhães,

de Mesquita Spinola

2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…In addition, we also identified that the documentation needs to be updated at each change of the software, also reported by Theunissen et al [Theunissen et al 2022] for the smooth running of projects. One of the participants mentioned that "the lack of specification of business requirements that impact legal requirements, such as the Brazilian General Data Protection Law (LGPD) [Canedo et al 2022, Canedo et al 2021 or General Data Protection Regulation (GDPR) [Aberkane et al 2021] may cause legal sanctions, such as changing legislation changing tax calculations or changing input/output layouts". Theunissen et al [Theunissen et al 2022] classified the information necessary for documenting the requirements in context and environment, which encompasses anything that affects the system but is not included in the primary goals, such as legal and environmental issues.…”

Section: Rq2 What Factors Influence Requirements Documentation and La...mentioning

confidence: 99%

On the Challenges to Documenting Requirements in Agile Software Development: A Practitioners’ Perspective

Canedo,

Calazans,

Silva

et al. 2024

Anais Do XXVII Congresso Ibero-Americano Em Engenharia De Software (CIbSE 2024)

Self Cite

View full text Add to dashboard Cite

Agile Software Development (ASD) is an iterative and incremental methodology designed to accelerate project deliveries. In this dynamic environment characterized by constant changes, the task of documenting requirements becomes increasingly challenging, leading to the emergence of the technical debt issue. This research involved a survey of 84 practitioners to identify the techniques and practices employed in documenting software requirements within ASD teams, as well as their perceptions of the documentation process and the challenges, regarding what factors influence it and its consequences. Our key findings indicate that user stories are the most commonly utilized technique by practitioners for documenting requirements. Furthermore, a deficient documentation process results in two primary consequences: rework and a knowledge deficit. To address these challenges, various techniques are implemented across different development phases, including requirement refactoring, documentation refinement meetings, and template reviews. Participants also emphasized the significance of having a requirements expert to enhance the documentation process and expressed uncertainty regarding the adequacy of their existing requirements documentation.

show abstract

“…Agile Privacy emphasizes transparency in data practices and gives users control over their personal data. This includes providing clear and easily accessible privacy notices, as well as giving users options to manage their data preferences (Canedo, et. al., 2022, Egieya, et.…”

Section: Understanding Agile Privacymentioning

confidence: 99%

“…Providing regular education and training for Agile teams on privacy best practices and compliance requirements is essential (Canedo, et. al., 2022, Olurin, et.…”

Section: Case Studiesmentioning

confidence: 99%

Agile privacy in practice: Integrating CCPA and GDPR within agile frameworks in the U.S. tech scene

Excel G Chukwurah

2024

Int. J. Sci. Res. Updates

View full text Add to dashboard Cite

Agile methodologies have revolutionized software development, enabling teams to deliver products more efficiently and responsively. However, integrating privacy regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) within Agile frameworks presents unique challenges. This abstract explores the concept of Agile Privacy in Practice, specifically focusing on how U.S. tech companies can effectively integrate CCPA and GDPR requirements into their Agile development processes. The California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) are landmark privacy regulations that have reshaped the landscape of data protection. These regulations impose stringent requirements on the collection, processing, and storage of personal data, affecting how organizations manage data privacy and comply with legal obligations. In the fast-paced environment of the U.S. tech scene, where Agile methodologies are widely adopted, the challenge lies in reconciling the iterative and dynamic nature of Agile development with the rigid and compliance-driven nature of privacy regulations. To address this challenge, Agile Privacy in Practice proposes a framework that integrates CCPA and GDPR requirements into Agile development processes seamlessly. This framework emphasizes collaboration between cross-functional teams, including privacy experts, legal counsel, and developers, from the early stages of product development. By incorporating privacy considerations into user stories, sprint planning, and retrospectives, teams can identify and address privacy risks iteratively, ensuring that products comply with regulatory requirements. Furthermore, Agile Privacy in Practice advocates for continuous monitoring and adaptation to evolving privacy regulations. By establishing a feedback loop that captures lessons learned from each sprint, teams can refine their approach to privacy compliance and incorporate best practices into future iterations. This approach not only enhances compliance with CCPA and GDPR but also fosters a culture of privacy awareness and responsibility within organizations. In conclusion, Agile Privacy in Practice offers a pragmatic and adaptable framework for U.S. tech companies to navigate the complex landscape of privacy regulations while leveraging the benefits of Agile methodologies. By integrating privacy considerations into the Agile development lifecycle, organizations can mitigate privacy risks, enhance trust with customers, and drive innovation in the digital economy.

show abstract

Guidelines adopted by agile teams in privacy requirements elicitation after the Brazilian general data protection law (LGPD) implementation

Cited by 9 publications

References 71 publications

Challenges and Enablers for GDPR Compliance: Systematic Literature Review and Future Research Directions

Challenges and Enablers for GDPR Compliance: Systematic Literature Review and Future Research Directions

On the Challenges to Documenting Requirements in Agile Software Development: A Practitioners’ Perspective

Agile privacy in practice: Integrating CCPA and GDPR within agile frameworks in the U.S. tech scene

Contact Info

Product

Resources

About