Staff Profile Pages

Requirements-Driven Evaluation of Model-Based Low-Code Platforms for GDPR-Compliant Health Applications: A Comparative Study of Mendix and OutSystems

Authors: Meacham, S., Chukwuebuka, O.

Conference: MODELSWARD 2026

Dates: 07/03/2026

Publication Date: 07/03/2026

Abstract:

Low-code/no-code (LCNC) platforms are increasingly promoted for healthcare applications, enabling non-technical professionals to prototype digital solutions. In regulated domains, however, compliance with the General Data Protection Regulation (GDPR) is critical, and it is unclear whether LCNC platforms provide adequate support for such requirements. This paper introduces a requirements-driven evaluation framework that operationalises five GDPR provisions—data minimisation (Art. 5), lawfulness of processing (Art. 6), consent (Art. 7), privacy by design/default (Art. 25), and security of processing (Art. 32)—into concrete modelling tasks. The framework is applied in a comparative study of two leading LCNC platforms, Mendix and OutSystems, using a benchmark chronic disease management application. Findings show that Mendix offers more accessible support for non-technical users, particularly for consent and privacy-by-default, while OutSystems provides greater flexibility in data handling at the cost of higher configuration effort. The study contributes a structured framework for linking legal obligations to model-based development tasks and provides practical insights for selecting LCNC platforms in GDPR-regulated healthcare contexts.

Source: Manual