Source Code-Driven GDPR Documentation: Supporting RoPA with Assessor View
The General Data Protection Regulation (GDPR) requires collaborative assessment of software to ensure lawful processing of personal data. Such collaboration, central to the Data Protection Impact Assessment (DPIA), involves diverse stakeholders but is hindered by limited tool support and manual documentation practices.
In prior work, we introduced Assessor View, a tool that visualizes Android app behavior using a data privacy vocabulary and offers tailored views for legal, privacy, and technical experts. This paper extends Assessor View with new features to directly support stakeholders: a partially automated generation of the Record of Processing Activities (RoPA), and a collaborative dashboard to support communication between privacy experts and developers.
We evaluate these enhancements through semi-structured interviews with 6 privacy experts, demonstrating how the tool can better support GDPR-aligned documentation. Our findings indicate that Assessor View’s RoPA feature provides a good overview of the processed data, and enhances understanding and interdisciplinary communication between stakeholders. Demonstration video: https://youtu.be/rVwJDHLj7Pw. Artifacts: https://doi.org/10.5281/zenodo.16151588.
Fri 20 MarDisplayed time zone: Athens change
11:00 - 12:30 | Session 6A - Tools and Techniques for Effective Software DevelopmentIndustrial Track / Journal First Track / Tool Demo Track / Research Track at Panorama Chair(s): NIKIEMA Beninwende Serge Lionel University of Luxembourg | ||
11:00 15mTalk | How Natural Language Proficiency Shapes GenAI Code for Software Engineering Tasks Journal First Track Ruksit Rojpaisarnkit Nara Institute of Science and Technology, Youmei Fan Nara Institute of Science and Technology, Kenichi Matsumoto Nara Institute of Science and Technology, Raula Gaikovina Kula The University of Osaka | ||
11:15 15mTalk | Data Catalog Tools: A Systematic Multivocal Literature Review Journal First Track Marco Tonnarelli JADS - TU/e, Indika Kumara Tilburg University, Stefan Driessen JADS, Tilburg University, Damian Andrew Tamburri University of Sannio - JADS/NXP Semiconductors, Willem-Jan van den Heuvel JADS, Tilburg University, Patrick Oor NXP Semiconductors | ||
11:30 15mTalk | On the Practical Adoption of a Static Performance Anti-Pattern Detector: An Industrial Case Study Industrial Track Lizhi Liao University of Guelph, Weiyi Shang University of Waterloo, Catalin Sporea ERA Environmental Management Solutions, Andrei Toma ERA Environmental Management Solutions, Sarah Sajedi ERA Environmental Management Solutions | ||
11:45 15mTalk | Multi-CoLoR: Context-Aware Localization and Reasoning across Multi-Language Codebases Industrial Track Indira Vats University of Toronto; Advanced Micro Devices (AMD), Sanjukta De Advanced Micro Devices, Subhayan Roy , Saurabh Bodhe , Lejin Varghese , Max Kiehn , Yonas Bedasso Advanced Micro Devices, Marsha Chechik University of Toronto Pre-print | ||
12:00 15mTalk | Diagram-Aware Automatic Review of Software Design Documents Using Multimodal Large Language Models Industrial Track | ||
12:15 7mTalk | Source Code-Driven GDPR Documentation: Supporting RoPA with Assessor View Tool Demo Track Mugdha Khedkar Heinz Nixdorf Institute, Paderborn University, Michael Schlichtig Heinz Nixdorf Institut, Paderborn University, Eric Bodden Heinz Nixdorf Institute at Paderborn University & Fraunhofer IEM Pre-print Media Attached | ||
12:22 7mTalk | RefineID: A Developer-Centric IDE Assistant for Better Identifiers Tool Demo Track | ||