The goal of this project is to explore how industrial organizations practising CSE are handling Non-functional requirements (NFR). NFRs, which include performance, availability, and maintainability, are vitally important to overall software quality. Research has shown NFRs are, in practice, poorly defined and difficult to verify. Continuous software engineering (CSE) practices, which extend agile practices, emphasize fast paced, automated, and rapid release of software that poses additional challenges to handling NFRs. Thus we are left at a crossroad where NFRs are vital to the success of quality, but NFRs are often deprioritized over functional aspects, the result is that an organization is unable to build and maintain a shared understanding of important NFRs, which ultimately hinder an organization’s ability to achieve continued success. A specific NFR of note is privacy as consumer data privacy increasingly become a crucial aspect that software organizations must consider when developing software. In particular, in recent times, governments around the world are actively enacting new legislation that govern the legal boundaries for how software organizations handle privacy. Specifically, the General Data Protection Regulation (GDPR) passed in the European Union introduced guidelines regarding processing and collection of personal data from European Union citizens. Therefore, how can software organizations adequately comply with the GDPR became a new profound challenge for any software organization that handles European Union private data.
The following research questions are guiding our research:
1) How does one effectively build, manage, and maintain a shared understanding of non-functional requirements in continuous software engineering?
2) What is the interplay between shared understanding of non-functional requirements and continuous software engineering?
3) How do small software organizations practicing CSE move towards GDPR (privacy) compliance