Even a month after it came into force, many mobile app owners still do not clearly understand the GDPR or what it means for the future of mobile app development for customers who are EU citizens.
What is GDPR?
GDPR is a very vast topic to cover.
The short explanation would be that GDPR is a regulation on data privacy and the protection of all citizens of the European Union, and it applies to all territories within the European Economic Area (EEA).
The detailed explanation would be that GDPR has been designed with the rising concern over leakage of personal data while browsing online in mind. After the Cambridge Analytica incident and the alleged illegal use of that data to sway public opinion in political events like the Brexit vote, the need to secure personal data became extremely significant. The GDPR is exactly what these needs called for. GDPR gives citizens control over their personal data and makes sure that the data is not used for any purpose without their knowledge.
Also, this increases the legal responsibility of every data processor manifold. App developers, publishers and marketers not only need to keep the data they collect from customers safe, but also have to ensure that a complete record of all processing operations on that data is maintained, and have to disclose to users the details of how they plan to use the collected data.
All these regulations have to be satisfied by any business app or website doing business with any of the countries within the EEA, and a failure to do so can result in a fine of up to 20 million euro.
The complete GDPR document is 88 pages long and has over 50,000 words in it. This is obviously too much information to digest for a person who is not well versed in legal as well as cyber security matters. Most app developers around the world are still trying to get a grip on all these GDPR changes.
So, to make things simpler for every app development company trying to come to terms with the changes brought in by the GDPR, here is a checklist for every mobile app to be GDPR compliant.
The Mobile App GDPR Compliance Checklist
The GDPR compliance checklist can be broken down into 2 parts:
- A list of all the personal data the app collects and stores
- Consent for obtaining all that information fairly. No personal data can be collected without the knowledge of the user.
- An assurance that the data is not being held for longer than necessary and that it is kept up to date.
- Limiting access to ensure it is only being used for its intended purpose.
- A declaration of whether the app collects or processes any special categories of personal data, such as sensitive personal data, children’s data, biometric or genetic data, etc.; if so, the app should meet all the required standards to collect, process and store it.
- A clear assurance that the collected data will be stored securely and that all necessary encryption will be used to prevent data theft.
- In case of a data breach, the affected users will be notified within 24 hours of the discovery of the breach.
- The details of who will have access to the collected data, as well as what the data will be used for, have to be provided. There can be no misuse of the collected user data.
- The user should be notified that consent for sharing personal data can be withdrawn at any point in time. Every user should be able to delete his or her own data from the database at any point in time.
- If the app owner intends to transfer the collected user data outside the EU, he or she needs to declare this and also make sure that adequate protections are in place for the security of the data.