This book introduces data protection, i.e. the protection of individuals from misuse of their personal data. It provides a special focus on the direct impact on software development, e.g. in the form of functional requirements for software systems resulting from data protection.



Chapter 1 provides an initial overview of the basic concepts of data protection and its legal foundations. Chapter 2 then delves deeper into the European General Data Protection Regulation (GDPR), covering in particular its basic concepts, terminology and requirements. Next, the specific implementation and interpretation of GDPR requirements in software and IT are dealt with, starting in chapter 3 with the principles of data protection defined in GDPR and the rights of data subjects in chapter 4. Chapter 5 discusses data transfer between organizations, including the relevant constellations (e.g. through various service providers), the legal framework and its practical implementation. Subsequently, chapter 6 changes the view from individual regulations and their implementation to technical and organizational design of data protection, including its embedding in the software life cycle, while chapter 7 provides an overview of information security and its aspects relevant to data protection. Eventually, chapter 8 deals with data protection for organizations as they are data subjects themselves.



The appendices contain the most important excerpts from the Charter of Fundamental Rights of the EU and GDPR in this context, a collection of links to relevant laws and supervisory authorities, as well as a glossary of the most important terms used.



The book’s target groups include software developers, IT consultants, requirements analysts, IT operations personnel and project managers in IT projects, but also data protection managers and data protection officers in the context of software development and IT.