Back
Blog Post|#agency#engineering

GDPR Compliance For App Developers

Michael YaredSaturday, April 28, 2018
a european union flag

General Data Protection Regulation (GDPR) is an EU law framing the legal bounds of personal data and privacy and goes into effect on May 25, 2018.

Why it matters

Foreign companies outside the EU are required to adhere to the regulations when processing personal data involving EU residents. As a result, many see GDPR as a new standard for apps serving a global audience.

Thanks to massive breaches of trust at Yahoo, Facebook and Sony, officials and politicians all over the world are taking note. Personal privacy is becoming a staple in mainstream current events.

What developers need to know

In the last six months, we’ve been told multiple times that budget has been allocated for a project specifically to prevent an embarrassment on the scale of Equifax. Our team is auditing existing applications, upgrading or phasing out legacy apps, crafting rules to automatically purge data, and creating new utilities that give users the ability to request and update their information.

The best advice we can give is something we’ve said before on this blog. Companies should anonymize data because you can’t lose what you don’t have. Collect and secure the personal data you need, stop asking for data that isn’t of value, and anonymize your data before using it for secondary purposes such as analytics or logs.

Important action items

Your app is likely in good shape if you feel good about the following action items.

  1. Know what data you have and where you keep it. Data finds its way outside of databases easily. It’s important that your developers have a map of the sensitive fields in your database schema.
  2. Ensure your data is safeguarded to the best of your company’s ability. This is a tough one even for large companies. If you expose an API, audit the permissions and write tests to ensure sensitive data requires authentication.
  3. Give your users the ability to request, edit or purge their personal information. This is both a GDPR requirement and an opportunity to think about how you securely send and remove user data.
  4. Keep your internal and external teams up-to-date through trainings. If you don’t have a formal training, start with a lunch and learn where your team can ask questions.

One resource we’ve been sharing with clients is GDPRchecklist.io, a checklist put together by the folks at Knowlex. The checklist summarizes top level considerations and links to the full text of the corresponding law.

Contact us with your compliance questions. We’re happy to hop on a call to answer quick questions. And if you’d like a formal audit, our team will analyze your code and provide a recommendations document with actionable steps to improve your app.

Share this post

twitterfacebooklinkedin

Related Posts:

Dial on a front of a safe

Understanding HIPAA Compliance for Apps

Michael Yared

October 31, 2017

an old typewriter and other office supplies

How to Blog in 10 Doable Steps

Alex Anderson

August 17, 2022

A sky view with the tops of palm trees.

California Consumer Privacy Act — 79 Days Until the CCPA Goes into Effect

Echobind Team

October 14, 2019

Person filling out a checklist

10 Questions to Ask Around Safeguarding Patient Data

Michael Yared

December 18, 2017

a laptop and a notebook on a table

How to Prepare for Hiring and Recruitment

Elrick Ryan

February 25, 2020

an iphone on a table

How To Get Your iOS App Into TestFlight and Test It

David Barkman

January 20, 2022

Interested in working with us?

Give us some details about your project, and our team will be in touch with how we can help.

Get in Touch