I'm all Ears! Listening to Software Developers on Putting GDPR Principles into Software Development Practice

TL;DR

This paper explores the challenges faced by software developers in integrating GDPR principles into their development process, highlighting knowledge gaps, resource issues, and focus on functionality over privacy.

Contribution

It provides empirical insights into the specific barriers developers encounter when trying to implement GDPR, an area previously underexplored.

Findings

Lack of familiarity with GDPR principles among developers

Developers focus more on functional requirements than privacy

Resource and institutional support are lacking

Abstract

Previous research has been carried out to identify the impediments that prevent developers from incorporating privacy protocols into software applications. No research has been carried out to find out why developers are not able to develop systems that preserve-privacy while specifically considering the General Data Protection Regulation principles (GDPR principles). Consequently, this paper aims to examine the issues, which prevent developers from creating applications, which consider and include GDPR principles into their software systems. From our research findings, we identified the lack of familiarity with GDPR principles by developers as one of the obstacles that prevent GDPR onboarding. Those who were familiar with the principles did not have the requisite knowledge about the principles including their techniques. Developers focused on functional than on privacy requirements. Unavailability of resourceful online tools and lack of support from institutions and clients were also identified as issues inimical to the onboarding of GDPR principles.