Privacy-Sensitive Design for privacycompliant applications
: How developers can implement privacy values and Privacy by Design in their process.

  • R. van den Berg

Student thesis: Master's Thesis


The introduction of the GDPR sparked a lot of discussion on privacy and already resulted in penalties for data processors for not complying with the regulation. One of the requirements enforced by the GDPR is building applications using Privacy by Design. To determine how more ‘privacy-compliant’ applications can be created, an exploratory qualitative research design has been conducted using a case study approach in this study. Findings are based on interviews performed in two educational organisations.
The findings reveal that both employees (as users) and software developers value privacy, although they do not always act on it. Both users and developers see the need to adapt to Privacy by Design principles and the use of the Value Sensitive Design method during software development, as beneficial for applications. Users also indicate that they would like to give more input relating to the design of privacy-embedding software applications. The research concludes that using a set of privacy principles and a method when developing these applications, could add to more ‘privacy-compliant’ applications that can be more GDPR compliant, which both allow for more future research. Although the study has some limitations with respect to external validity, the study’s findings can be applied to increase software development teams’ awareness and incorporation of privacy as a value in new applications. The research contributes to the body of knowledge in information science on how software developers can create more GDPR compliant applications.
Date of Award2 May 2020
Original languageEnglish
SupervisorRachelle Bosua (Examiner) & Laury Bollen (Co-assessor)


  • Privacy by Design (PbD)
  • Value Sensitive Design (VSD)
  • Application development,
  • GDPR
  • Privacy
  • Value of Privacy

Master's Degree

  • Master Business Process management & IT (BPMIT)

Cite this