What do You Need to Know About GDPR When Creating an App?

3 min read
Aug 20, 2018

On May 25, 2018, General Data Protection Rules (better known as GDPR) came into full effect in such little time, replacing the old Data Protection Directive (DPD) of 1995. While GDPR is a set of rules for the European Union, if you are a global app developer with a strong presence in Europe, you need to have a in-depth understanding of ways you can comply with the rules. Take Facebook for example. Due to their major privacy breach earlier this year, they undoubtedly created the unhealthy reputation of being a poor privacy protection platform, which sparked the worldwide debate of improving privacy rules with the hopes of minimising fraud for the future.

Broadly speaking, GDPR aims to make companies more accountable for users’ personal data and how it is used. GDPR requires privacy by design and also puts the responsibility of data protection on organisations instead of individuals.

If you are an app developer, here’s the essential things you need to know in order to meet GDPR compliance.

1. Consent should be explicit

According to GDPR, privacy should be the default. Consent cannot be assumed, which means if a user hasn’t taken any action, you cannot use their personal data. GDPR also requires that businesses ask for consent explicitly through simple-worded requests.

Users also have the right to revoke access to their personal data and reserve the right to be forgotten.

Important considerations for app developers: Since explicit consent is so important, make sure easy user-business communication is built-in. Allow users to change privacy settings easily. Do not bombard them with data-access requests the first time their open your app. Instead, request access at relevant points in the user journey. For instance, if you are a food delivery app, request access to their phone location when are about to order food.

In addition, your app should also have a built-in feature that allows users to delete their account permanently and erase their digital history.

2. Privacy by Design

According to GDPR, privacy should be a proactive measure for every business. Even before you start developing your app, you need to think about all of the different types of personal information you will be collecting for a seamless user experience. Keep in mind that according to GDPR, you can only collect data that is absolutely crucial for the functionality of your app.

Important considerations for app developers: Keep your encryption game strong. Make sure you have proper data handling procedures put in place before you begin any project. Access to sensitive data must be given to a select few within your team, again only if crucial. 

Broadly speaking, GDPR aims to make companies more accountable for users' personal data and how it is used.Click To Tweet

3. Transparency and Clarity

One of the key components to complying with GDPR is users being made aware of how their data is being used and what it is being used for. They should also be aware of any third parties that have access to their personal data. Your privacy policy should be simply worded to be comprehensible to an ordinary reader person.

Important considerations for app developers: If your app needs to connect to third-party services, explicitly disclose the names of these third parties within your privacy policy. For instance, you could be using OneSignal or Firebase for push notifications. In addition, make sure whichever third parties you collaborate with are also GDPR compliant.

4. Data Collection and Logging

According to GDPR, businesses are required to log every kind of data they are collecting. They also need to justify their reasons for collecting this personal information and outline how they intend to use it. Comprehensive documentation of your data usage practices is an important tenet of GDPR.

Important considerations for app developers: If you are a small app developer who is short on supplies, tools and resources, you might want to hire a third-party vendor for documenting your data usage practices. The third-party vendors you hire should also be GDPR compliant and they should have strong encryption strategies set in place.

It is important that you limit the kind of personal data you need from your users to a bare minimum. The less access you have to a variety of different types of personal information, the less paper work task you are associated with. If you have an app idea and would like to ensure it is GDPR compliant, Talk To Us today! It’s better to be safe than sorry!

Get Email Notifications