Modelling GDPR-based Privacy Requirements with Software Engineering Diagrams: A Systematic Literature Review
This systematic literature review analyzed 18 studies from 2017 to 2025 to understand how software engineering diagrams are used to model GDPR-based privacy requirements, identifying gaps such as the need for better integration and automated compliance tools.
The application of the General Data Protection Regulation (GDPR) has significantly affected privacy requirements elicitation, modelling, and verification in Software Engineering (SE). One of the affected areas is requirements visualisation through modelling diagrams, which plays a crucial role in ensuring privacy compliance, as functional system requirements should be integrated with GDPR-based privacy requirements. We present a systematic literature review on how SE diagrams have been employed to capture and integrate GDPR-based privacy requirements into software system design. The study aims to identify the existing research landscape, existing gaps, and directions for future work. Following a rigorous search protocol and addressing two research questions, 18 primary studies published between 2017 and 2025 were selected, analysed, and categorised based on (i) the diagram types used, and (ii) the GDPR principles or rights addressed. The findings highlight the need for inter-diagram integration, full lifecycle traceability mechanisms, tool support, and automated compliance checking.