The General Data Protection Regulation (GDPR) is an EU law that defines the legal boundaries for handling personal data and privacy; it takes effect on May 25, 2018.
Companies based outside the EU must also comply with the regulation whenever they process the personal data of EU residents. As a result, many see GDPR as the new baseline standard for apps serving a global audience.
In the last six months, we’ve been told multiple times that budget has been allocated for a project specifically to prevent an embarrassment on the scale of Equifax. Our team is auditing existing applications, upgrading or phasing out legacy apps, crafting rules to automatically purge data, and creating new utilities that give users the ability to request and update their information.
The best advice we can give is something we’ve said before on this blog. Companies should anonymize data because you can’t lose what you don’t have. Collect and secure the personal data you need, stop asking for data that isn’t of value, and anonymize your data before using it for secondary purposes such as analytics or logs.
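As an added illustration of that advice (example code written for this post, not part of any client project), the function below builds the record that is allowed to leave the primary datastore for analytics or logging: it keeps only an assumed whitelist of needed fields, replaces the e-mail with a keyed HMAC pseudonym so events can still be joined per user without exposing who the user is, and truncates the IP address to its network. The key, field names and sample user are constructed for the example.

```python
import hashlib
import hmac
import ipaddress

# Constructed pseudonymization key; in a real deployment it comes from a secrets
# store and is rotated. Knowing the key is required to link a pseudonym back to a
# record, so it must never travel with the analytics data itself.
PSEUDONYM_KEY = b"example-only-rotate-me"

# Fields the analytics pipeline genuinely needs (assumed set for this example).
ANALYTICS_FIELDS = {"plan", "country", "signup_month"}


def pseudonymize(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed HMAC of an identifier: stable under one key, so events from the
    same user still join, but not reversible without the key."""
    normalized = value.strip().lower().encode()
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:16]


def truncate_ip(ip: str) -> str:
    """Drop the host part so the value identifies a network, not a person."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 48
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(net.network_address)


def to_analytics_record(user: dict) -> dict:
    """Keep only whitelisted fields, swap the identifier for a pseudonym,
    and coarsen the IP before the record is used for a secondary purpose."""
    record = {k: v for k, v in user.items() if k in ANALYTICS_FIELDS}
    record["user_pseudonym"] = pseudonymize(user["email"])
    if "last_ip" in user:
        record["network"] = truncate_ip(user["last_ip"])
    return record


# Constructed sample input; not a real person.
SAMPLE_USER = {
    "email": "Jane.Doe@example.com",
    "full_name": "Jane Doe",
    "last_ip": "203.0.113.77",
    "plan": "pro",
    "country": "DE",
    "signup_month": "2018-03",
}

if __name__ == "__main__":
    print(to_analytics_record(SAMPLE_USER))
```

The same pseudonym function can be applied at the logging layer, so application logs carry the HMAC rather than the raw e-mail.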
Your app is likely in good shape if you feel good about the following action items.
One resource we’ve been sharing with clients is GDPRchecklist.io, a checklist put together by the folks at Knowlex. The checklist summarizes top level considerations and links to the full text of the corresponding law.
Contact us with your compliance questions. We’re happy to hop on a call to answer quick questions. And if you’d like a formal audit, our team will analyze your code and provide a recommendations document with actionable steps to improve your app.