Why are Developers Struggling to Put GDPR into Practice when Developing Privacy-Preserving Software Systems?
It addresses a critical problem for software developers and organizations in ensuring legal compliance and privacy protection, but is incremental as it builds on prior research on privacy implementation barriers.
This paper investigates why software developers struggle to implement GDPR principles in privacy-preserving software systems, finding that developers lack familiarity and knowledge of GDPR principles and techniques.
The use of software applications is inevitable as they provide different services to users. The software applications collect, store users' data, and sometimes share with the third party, even without the user consent. One can argue that software developers do not implement privacy into the software applications they develop or take GDPR (General Data Protection Law) law into account. Failing to do this, may lead to software applications that open up privacy breaches (e.g. data breach). The GDPR law provides a set of guidelines for developers and organizations on how to protect user data when they are interacting with software applications. Previous research has attempted to investigate what hinders developers from embedding privacy into software systems. However, there has been no detailed investigation on why they cannot develop privacy-preserving systems taking GDPR into consideration, which is imperative to develop software applications that preserve privacy. Therefore, this paper investigates the issues that hinder software developers from implementing software applications taking GDPR law on-board. Our study findings revealed that developers are not familiar with GDPR principles. Even some of them are, they lack knowledge of the GDPR principles and their techniques to use when developing privacy-preserving software systems