Forgot Personal Data at Requirements Stage? Expect Fines!
40 min
The talk demonstrates how a system analyst can minimise legal risks by identifying personal data (PD) protection requirements and transforming them into functional and non-functional requirements during the requirements gathering and analysis stage.
Within the talk, participants will learn:
- what legal minimum an analyst needs: key concepts in the field of PD and core provisions of Federal Laws;
- how to extract specific requirements from regulatory sources;
- how to transform legal norms into functional and non-functional requirements, as well as acceptance criteria;
- which typical mistakes lead to violations and fines;
- why it is necessary to maintain a register of operations;
- what the difference is between logging and journalisation of personal data.
Participants will get:
- a checklist for identifying PD within a system;
- a ready-made use case, “Recording a PD Operation in the PD Register”;
- structured functional and non-functional requirements, along with acceptance criteria.