Arachchilage, NalinAlhazmi, Abdulrahman2023-06-142023-06-142023-06-14https://hdl.handle.net/20.500.14154/68379The use of software applications is inevitable as they provide different services to users. The software applications collect, store user data, and sometimes share it with a third party, even without the user’s consent. The Internet has also grown, significantly increasing data breaches in software systems. One of the reasons for this might be that the software developers responsible for ensuring that software systems are embedded with the appropriate privacy guided by laws such as GDPR, fail to implement the laws. GDPR law has guidelines that software developers can follow to implement privacy into software systems. Nevertheless, many data breaches might be due to the failure to implement guidelines. Developers might be lacking enough motivation to implement the GDPR law. Therefore, to equip developers with the motivation to implement their skills to mitigate such breaches, this thesis proposes a GDPR game-based teaching framework. Gamification, widely described as "the use of game design elements in non-game contexts", has previously shown potential in the development of exciting and efficient learning experiences, both in the sense of education and business. Some researchers have concentrated on the connection between software privacy and gamification, but they only focus on a few data privacy elements. The proposed framework will focus on improving developers' secure coding behaviour by way of their motivation. The novelty of this framework is that it will incorporate all GDPR principles together, making sure that software developers put GDPR into practice, resulting in software systems embedded with privacy. This study aimed to assess the effectiveness of a gamified application in educating developers on incorporating privacy-preserving techniques into software code. The impact of developers on application design was examined, and subjective satisfaction was assessed using the System Usability Scale (SUS). A think-aloud study experiment with pre-test and post-test evaluations was conducted, revealing encouraging results. Participants demonstrated a significant improvement in their understanding of the General Data Protection Regulation (GDPR) and their ability to incorporate privacy into their code. The gamified application successfully taught participants how to use privacy-preserving techniques in software design. This study investigates the motivating factors that influence developers' adoption of privacy-preserving techniques in software code. Key factors identified include perceived threat, susceptibility, severity, self-efficacy, lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality. These findings highlight the effectiveness of gamification in promoting secure coding behaviour and inform the game design framework for privacy incorporation.175enGDPRPrivacyPrivacy by DesignSecure Coding BehaviourSoftware DevelopersMotivationGamifiedGamification.Developing an Awareness Framework for Software Developers to Implement Privacy into Software SystemsThesis