A Serious Game Design Framework for Software Developers to Put GDPR into Practice

The growth of the internet has significantly increased data breaches (i.e. privacy breaches) in software systems. It could be argued that software developers failed to implement privacy into software systems with the appropriate privacy guidelines or laws such as the General Data Protection Regulation (GDPR). GDPR has a set of guidelines that enables software developers to implement privacy into software systems. Nevertheless, these guidelines have been developed with lawyers in mind, rather than software developers. This could hinder developers from putting GDPR into practice and eventually lead to data breaches through the systems they develop. On the other hand, software developers also need help (e.g. tooling support or educational interventions). Therefore, this paper proposes a game design framework, as an educational intervention, to teach software developers to implement privacy-preserving software systems taking GDPR on-board. The proposed framework focuses on improving developers’ security coding behavior through their motivation. It also ensures software developers can put GDPR into practice when developing privacy-preserving software systems.