Protecting Personal Information in Enterprise Applications

In the digital environment, personal information gets stored by various service providers and in some situations can be used out of its purpose and without permission. These violations led to various legislation in the world and The Law for Protecting Personal Information (KVKK) in Turkey. Software that collects personal information needs to comply with the legislation as well. However, a model and sets of requirements for transforming the software development process for protecting personal information do not exist for the use of software developers and analysts. In this work, we report the experience we had while preparing a guide for software developers that includes a transformation model and a set of requirements based on KVKK. The relevant guide to this study is used as an input to the Turkish Presidency Digital Transformation Office Information and Communication Security Guide.