Leveraging ChatGPT for GDPR Compliance in Requirements Engineering: A Pilot Study

Large Language Models (LLMs) have significantly impacted various industries, offering enhanced processes and decision-making capabilities. Among these models, ChatGPT, an intelligent conversational agent, has found applications in multiple fields, including software development. This study explores how ChatGPT can benefit requirements engineering (RE), specifically in facilitating compliance with the General Data Protection Regulation (GDPR) principle of data protection by design and default. In particular, our research objective is to evaluate ChatGPT's ability to support professionals in assessing GDPR compliance within user stories, thus enhancing requirement quality. We obtain insights into ChatGPT's strengths and limitations in this context through an experiment and survey pilot study with experts. The experiment's outcome suggests that respondents generally agreed with ChatGPT's evaluation of user stories on GDPR compliance, agreeing with almost 73% of ChatGPT's evaluations. Furthermore, the survey results showed reservations regarding recommending ChatGPT to peers or colleagues, suggesting a cautious stance within the professional community. This study provides insights into ChatGPT's utility as an assistive tool for GDPR compliance in RE, presenting a starting point to address GDPR challenges in RE using LLMs.