6 steps for GDPR compliance for mobile apps

Less than a month is left to prepare your mobile application to meet the requirements of the new law. If you want users in the EU to use your application, you must adapt to the new regulations on the protection of personal data by May 25, 2018. What does this mean in practice? How do you prepare a mobile application for GDPR? See: What are the consequences of not adapting a mobile application to the new GDPR regulations?

Two pieces of information matter most for you. First, GDPR concerns everyone operating in the EU. It does not matter whether you run a small business or whether the application is part of a startup or a large corporation: everyone must adapt. It also does not matter where your company is registered or where the server is located. If you process personal data of people located in an EU country (and in Norway, Iceland and Liechtenstein), GDPR applies to you. Second, the new regulations do not dictate ready-made solutions for implementation. GDPR is not a set of guidelines; the steps you take should be tailored to the type and amount of personal data your application processes.

The main principle of GDPR is to give users full control over the personal data that concerns them. A user must give informed consent to the processing of this information and may at any time demand its removal from your database. Providing this to the user and creating or adapting a GDPR-compliant mobile application is a relatively easy task, but you should be careful and accurate, because the penalties for non-compliance with the new regulations are very high. Given the lack of top-down, statutory guidelines and requirements, the wisest course is to entrust the work to specialists: people who are GDPR certified.

See the six steps for creating an application compliant with the new law, developed by the GDPR certified member of our team.

1. Collect only the data you need

Think about what personal data you actually need to collect from the users of your mobile application. The ideal privacy policy is one under which as little personal data as possible is stored: data you never collect cannot leak, does not need consent, and does not need to be deleted on request.

2. A clear interface regarding the processing of personal data

Do not use small print or pre-ticked checkboxes in your mobile application when asking the user to consent to the processing of their personal data. Stick to a simple rule: make it easy for the user to read the privacy policy and do not hide anything. State clearly and visibly what data you collect, for what purpose you process it, and how the user can request its removal. Transparency and honesty are the most important guidelines related to GDPR.

3. Security of applied solutions

Until now you have not worried that your application could easily be hacked? No longer: from 25 May you have to be secure! Protect user data (use strong password handling, dedicated solutions and encryption, or hand this task to specialists), the mailbox through which you contact users, and the application's login system. Keep your systems up to date and use only current versions of frameworks. This point is the biggest challenge for older applications: you have to update them, or you cannot be sure that the solutions used are free of loopholes and are not an easy target.
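As an added illustration of the "strong password handling" point above (this is example code written for this article, not code from the original page or from any product it mentions): a server-side password store that hashes each password with a random salt using scrypt, verifies candidates in constant time, and flags legacy unsalted hashes so an older application can migrate its users to the new scheme on their next successful login. The scrypt parameters, the storage format and the hypothetical legacy MD5 hash used as sample input are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Assumed work-factor parameters for this example (not from the article).
# They follow common scrypt recommendations for interactive logins.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
KEY_LEN = 32
SALT_LEN = 16


def hash_password(password: str) -> str:
    """Hash a password with a fresh random salt.

    Returns a self-describing record "scrypt$N$r$p$salt_hex$key_hex" so the
    parameters can be raised later without breaking existing records.
    """
    salt = os.urandom(SALT_LEN)
    key = hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt,
        n=SCRYPT_N,
        r=SCRYPT_R,
        p=SCRYPT_P,
        dklen=KEY_LEN,
    )
    return "$".join(
        ["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P), salt.hex(), key.hex()]
    )


def verify_password(password: str, stored: str) -> bool:
    """Check a candidate password against a stored record in constant time."""
    try:
        algo, n, r, p, salt_hex, key_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(key_hex)
    except ValueError:
        # Malformed or legacy record: never treat it as a match.
        return False
    if algo != "scrypt":
        return False
    candidate = hashlib.scrypt(
        password.encode("utf-8"),
        salt=salt,
        n=int(n),
        r=int(r),
        p=int(p),
        dklen=len(expected),
    )
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, expected)


def needs_upgrade(stored: str) -> bool:
    """True if a record is not an scrypt record at the current parameters.

    An older application that kept unsalted MD5 or SHA-1 hashes (a hypothetical
    legacy format assumed here) should re-hash the password with
    hash_password() at the user's next successful login.
    """
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return True
    n, r, p = (int(x) for x in parts[1:4])
    return n < SCRYPT_N or r < SCRYPT_R or p < SCRYPT_P


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    record = hash_password("correct horse battery staple")
    print("stored record:", record)
    print("correct password accepted:", verify_password("correct horse battery staple", record))
    print("wrong password rejected:", not verify_password("wrong", record))
    # Hypothetical unsalted MD5 of "password" left behind by an old release.
    legacy = "5f4dcc3b5aa765d61d8327deb882cf99"
    print("legacy record needs upgrade:", needs_upgrade(legacy))
```

The record stores its own parameters, so raising the work factor later only requires bumping the constants; `needs_upgrade` then catches both legacy hashes and scrypt records made with the older, weaker settings.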

4. Carefully selected partners

Do you use third-party services for analytics or newsletters? It is your responsibility to check whether the companies you work with comply with the new guidelines. To do this, read their Terms & Conditions, look for information about GDPR compliance, and make sure each processor offers a data processing agreement that covers the personal data you pass to it.

5. Efficient contact with the user

Make sure the user can easily contact you and that you respond quickly to their message. Remember that the user can at any time request removal of their personal data, and you must guarantee that. Contact should work in both directions: you have an obligation to inform users (and obtain their consent) as soon as you change the way their personal data is processed.

6. GDPR compliance test

If you are not sure whether your application complies with the new guidelines, do not take any risks: use the help of GDPR certified professionals. They conduct a compliance audit and, if problems arise, help you adapt your application. Learn more about the GDPR audit.
