The General Data Protection Regulation (GDPR) is an EU regulation designed to protect personal data. Implementing GDPR immediately presents a challenge for organizations because it requires strong data protection measures. Despite its clear purpose of giving people control over their personal data, GDPR remains difficult for organizations to adopt.
This study investigates the challenges that organizations encounter while implementing GDPR and the gap between the requirements of the regulation and realistic implementation strategies.
Furthermore, the study focuses on how implementing secure software development (SSD) best practices can improve GDPR compliance. There is still much to learn about the potential of SSD practices for obtaining GDPR compliance.
The thesis also looks into how incorporating secure design principles can lead to a more effective and efficient way of obtaining GDPR compliance. We do so by analyzing the shortcomings of current implementation methodologies and by encouraging the development of systems that are more secure.
This thesis presents a systematic literature review (SLR) of published research articles that address SSD best practices to achieve GDPR compliance, as well as implementation challenges of the GDPR.
Supervisors: Martin Steffen