DiálogoP - A Language and a Graphical Tool for Formally Defining GDPR Purposes.

The notion of processing purpose, as set out in the EU General Data Protection Regulation (GDPR), comprises a crucial part of a software system’s privacy policy. Processing purposes are meant to characterize the usage of personal data within a system. In this work, we propose a formal type language for defining purposes as the communication exchanges between a system’s entities, based on session types enhanced with privacy notions. In order to provide software engineers with the means to easily define processing purposes, we encode the formal language syntax to a UML-based domain model and we present DialogoP, a tool that supports the graphical model definition and subsequently translates it into formal language definitions.