{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,12]],"date-time":"2026-03-12T05:53:32Z","timestamp":1773294812073,"version":"3.50.1"},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030025465","type":"print"},{"value":"9783030025472","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-030-02547-2_8","type":"book-chapter","created":{"date-parts":[[2018,12,29]],"date-time":"2018-12-29T14:22:57Z","timestamp":1546093377000},"page":"131-149","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":31,"title":["Legislative Compliance Assessment: Framework, Model and GDPR Instantiation"],"prefix":"10.1007","author":[{"given":"Sushant","family":"Agarwal","sequence":"first","affiliation":[]},{"given":"Simon","family":"Steyskal","sequence":"additional","affiliation":[]},{"given":"Franjo","family":"Antunovic","sequence":"additional","affiliation":[]},{"given":"Sabrina","family":"Kirrane","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,12,30]]},"reference":[{"key":"8_CR1","unstructured":"Directive 95\/46\/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. OJ L 281, 0031\u20130050 (1995). http:\/\/data.europa.eu\/eli\/dir\/1995\/46\/oj"},{"key":"8_CR2","unstructured":"IEEE recommended practice for software requirements specifications: Approved 25 June 1998, IEEE Std, vol. 830\u20131998. IEEE, New York (1998)"},{"key":"8_CR3","unstructured":"Directive (EU) 2015\/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002\/65\/EC, 2009\/110\/EC and 2013\/36\/EU and Regulation (EU) No 1093\/2010, and repealing Directive 2007\/64\/EC. OJ L 337, 35\u2013127 (2015). http:\/\/data.europa.eu\/eli\/dir\/2015\/2366\/oj"},{"key":"8_CR4","unstructured":"Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation). OJ L 119, 1\u201388 (2016). http:\/\/data.europa.eu\/eli\/reg\/2016\/679\/oj"},{"key":"8_CR5","unstructured":"Proposal for a Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002\/58\/EC (Regulation on Privacy and Electronic Communications). COM (2017) 2017\/03 (COD) (2017)"},{"key":"8_CR6","doi-asserted-by":"crossref","unstructured":"Arora, C., Sabetzadeh, M., Briand, L.C., Zimmer, F.: Requirement boilerplates: transition from manually-enforced to automatically-verifiable natural language patterns. In: 2014 IEEE 4th International Workshop on Requirements Patterns (RePa), pp. 1\u20138. IEEE (2014)","DOI":"10.1109\/RePa.2014.6894837"},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: framework and applications. In: 2006 IEEE Symposium on Security and Privacy, p. 15. IEEE (2006)","DOI":"10.1109\/SP.2006.32"},{"key":"8_CR8","unstructured":"Biasiotti, M., Francesconi, E., Palmirani, M., Sartor, G., Vitali, F.: Legal informatics and management of legislative documents. In: Global Center for ICT in Parliament Working Paper 2 (2008)"},{"key":"8_CR9","doi-asserted-by":"crossref","unstructured":"Boella, G., Humphreys, L., Muthuri, R., Rossi, P., van der Torre, L.: A critical analysis of legal requirements engineering from the perspective of legal practice. In: 2014 IEEE 7th International Workshop on Requirements Engineering and Law (RELAW), pp. 14\u201321. IEEE (2014)","DOI":"10.1109\/RELAW.2014.6893476"},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"Breaux, T.D., Vail, M.W., Anton, A.I.: Towards regulatory compliance: extracting rights and obligations to align requirements with regulations. In: 14th IEEE International Requirements Engineering Conference (RE 2006), pp. 49\u201358 (2006)","DOI":"10.1109\/RE.2006.68"},{"key":"8_CR11","unstructured":"Breaux, T.D.: Legal requirements acquisition for the specification of legally compliant information systems. North Carolina State University (2009). http:\/\/www.lib.ncsu.edu\/resolver\/1840.16\/3376"},{"issue":"6","key":"8_CR12","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1109\/MSECP.2003.1253568","volume":"99","author":"LF Cranor","year":"2003","unstructured":"Cranor, L.F.: P3P: making privacy policies more useful. IEEE Secur. Priv. 99(6), 50\u201355 (2003)","journal-title":"IEEE Secur. Priv."},{"issue":"1","key":"8_CR13","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1007\/s00766-011-0134-z","volume":"18","author":"G G\u00e9nova","year":"2013","unstructured":"G\u00e9nova, G., Fuentes, J.M., Llorens, J., Hurtado, O., Moreno, V.: A framework to measure and improve the quality of textual requirements. Requir. Eng. 18(1), 25\u201341 (2013)","journal-title":"Requir. Eng."},{"key":"8_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"218","DOI":"10.1007\/978-3-540-72988-4_16","volume-title":"Advanced Information Systems Engineering","author":"S Ghanavati","year":"2007","unstructured":"Ghanavati, S., Amyot, D., Peyton, L.: Towards a framework for tracking legal compliance in healthcare. In: Krogstie, J., Opdahl, A., Sindre, G. (eds.) CAiSE 2007. LNCS, vol. 4495, pp. 218\u2013232. Springer, Heidelberg (2007). https:\/\/doi.org\/10.1007\/978-3-540-72988-4_16"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Grimm, R., Rossnagel, A.: P3P and the privacy legislation in Germany: can P3P help to protect privacy worldwide? In: Proceedings of the ACM Multimedia, November 2000","DOI":"10.1145\/357744.357917"},{"issue":"9","key":"8_CR16","doi-asserted-by":"publisher","first-page":"981","DOI":"10.1016\/0169-7552(93)90095-L","volume":"25","author":"GJ Holzmann","year":"1993","unstructured":"Holzmann, G.J.: Design and validation of protocols: a tutorial. Comput. Netw. ISDN Syst. 25(9), 981\u20131017 (1993)","journal-title":"Comput. Netw. ISDN Syst."},{"key":"8_CR17","series-title":"Practitioner Series","doi-asserted-by":"publisher","DOI":"10.1007\/b138335","volume-title":"Requirements Engineering","author":"E Hull","year":"2005","unstructured":"Hull, E., Jackson, K., Dick, J.: Requirements Engineering. Practitioner Series, 2nd edn. Springer, London (2005). https:\/\/doi.org\/10.1007\/b138335","edition":"2"},{"key":"8_CR18","unstructured":"Information Commissioner\u2019s Office (ICO) UK: Getting ready for the GDPR (2017). https:\/\/ico.org.uk\/for-organisations\/resources-and-support\/data-protection-self-assessment\/getting-ready-for-the-gdpr\/"},{"key":"8_CR19","unstructured":"Kamsties, E., Berry, D.M., Paech, B.: Detecting ambiguities in requirements documents using inspections. In: Proceedings of the First Workshop on Inspection in Software Engineering (WISE01), pp. 68\u201380. Citeseer (2001)"},{"key":"8_CR20","doi-asserted-by":"crossref","unstructured":"Kiyavitskaya, N., Krausov\u00e1, A., Zannone, N.: Why eliciting and managing legal requirements is hard. In: 2008 Requirements Engineering and Law, RELAW 2008, pp. 26\u201330. IEEE (2008)","DOI":"10.1109\/RELAW.2008.10"},{"key":"8_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1007\/978-3-540-87877-3_13","volume-title":"Conceptual Modeling - ER 2008","author":"N Kiyavitskaya","year":"2008","unstructured":"Kiyavitskaya, N., et al.: Automating the extraction of rights and obligations for regulatory compliance. In: Li, Q., Spaccapietra, S., Yu, E., Oliv\u00e9, A. (eds.) ER 2008. LNCS, vol. 5231, pp. 154\u2013168. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-87877-3_13"},{"key":"8_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"118","DOI":"10.1007\/978-3-540-44993-5_8","volume-title":"Digital Rights Management","author":"L Korba","year":"2003","unstructured":"Korba, L., Kenny, S.: Towards meeting the privacy challenge: adapting DRM. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 118\u2013136. Springer, Heidelberg (2003). https:\/\/doi.org\/10.1007\/978-3-540-44993-5_8"},{"issue":"5","key":"8_CR23","doi-asserted-by":"publisher","first-page":"445","DOI":"10.1016\/j.csi.2005.01.003","volume":"27","author":"F Massacci","year":"2005","unstructured":"Massacci, F., Prest, M., Zannone, N.: Using a security requirements engineering methodology in practice: the compliance with the Italian data protection legislation. Comput. Stand. Interfaces 27(5), 445\u2013455 (2005)","journal-title":"Comput. Stand. Interfaces"},{"key":"8_CR24","doi-asserted-by":"crossref","unstructured":"Mavin, A., Wilkinson, P., Harwood, A., Novak, M.: Easy approach to requirements syntax (EARS). In: 17th IEEE International Requirements Engineering Conference, pp. 317\u2013322. IEEE (2009)","DOI":"10.1109\/RE.2009.9"},{"key":"8_CR25","doi-asserted-by":"crossref","unstructured":"May, M.J., Gunter, C.A., Lee, I.: Privacy APIs: access control techniques to analyze and verify legal privacy policies. In: 19th IEEE Computer Security Foundations Workshop, p. 13. IEEE (2006)","DOI":"10.1109\/CSFW.2006.24"},{"key":"8_CR26","unstructured":"Microsoft Trust Center: Detailed GDPR Assessment (2017). http:\/\/aka.ms\/gdprdetailedassessment"},{"key":"8_CR27","first-page":"119","volume":"79","author":"H Nissenbaum","year":"2004","unstructured":"Nissenbaum, H.: Privacy as contextual integrity symposium - technology, values, and the justice system. Wash. Law Rev. 79, 119 (2004)","journal-title":"Wash. Law Rev."},{"key":"8_CR28","unstructured":"Nymity: GDPR Compliance Toolkit. https:\/\/www.nymity.com\/gdpr-toolkit.aspx"},{"key":"8_CR29","doi-asserted-by":"crossref","unstructured":"Otto, P.N., Anton, A.I.: Addressing legal requirements in requirements engineering. In: 15th IEEE International Requirements Engineering Conference (RE 2007), pp. 5\u201314. IEEE (2007)","DOI":"10.1109\/RE.2007.65"},{"key":"8_CR30","unstructured":"Schwartz, A.: Looking back at P3P: lessons for the future. Center for Democracy & Technology (2009). https:\/\/www.cdt.org\/files\/pdfs\/P3P_Retro_Final_0.pdf"},{"key":"8_CR31","unstructured":"Agarwal, S., Kirrane, S., Scharf, J.: Modelling the general data protection regulation. In: 20. Internationales Rechtsinformatik Symposion (IRIS) 2017, 23\u201325 Feb 2017, Salzburg (2017)"},{"key":"8_CR32","doi-asserted-by":"crossref","unstructured":"Toval, A., Olmos, A., Piattini, M.: Legal requirements reuse: a critical success factor for requirements quality and personal data protection. In: Proceedings IEEE Joint International Conference on Requirements Engineering, pp. 95\u2013103. IEEE (2002)","DOI":"10.1109\/ICRE.2002.1048511"},{"key":"8_CR33","volume-title":"Requirements Engineering: From System Goals to UML Models to Software Specifications","author":"A Lamsweerde van","year":"2009","unstructured":"van Lamsweerde, A.: Requirements Engineering: From System Goals to UML Models to Software Specifications, vol. 10. Wiley, Chichester and Hoboken (2009)"},{"key":"8_CR34","unstructured":"W3C ODRL Community Group: ODRL Information Model 2.2 (2018). https:\/\/www.w3.org\/TR\/odrl-model\/"}],"container-title":["Lecture Notes in Computer Science","Privacy Technologies and Policy"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-02547-2_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,13]],"date-time":"2019-11-13T07:24:36Z","timestamp":1573629876000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-02547-2_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783030025465","9783030025472"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-02547-2_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"APF","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Annual Privacy Forum","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Barcelona","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Spain","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 June 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 June 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"6","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"apf2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/privacyforum.eu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"49","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"11","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"22% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3.16","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"3.0","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information"}}]}}