General Data Protection Regulation

MSApps, published in MSApps Development, Dec 1, 2019

General Data Protection Regulation (GDPR)

GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union.

The law came into effect in May 2018 and applies to organizations located inside and outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

Penalties for breaching GDPR can be up to 4% of annual global turnover or €20 million.

GDPR Key Changes

Breach Notification
All users, as well as the authorities, must be notified within 72 hours of first becoming aware of a data breach.

Right to Access
Businesses must request and receive users' agreement to collect, use or move personal data, including the purpose for doing so.
Further, businesses shall provide a copy of the personal data, free of charge, in an electronic format.

Right to be Forgotten
The right to be forgotten entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.

Data Portability
The right for a data subject to receive the personal data concerning them, which they have previously provided, in a ‘commonly used and machine-readable format’.

Privacy by Design
A business should hold and process only the data absolutely necessary for the completion of its duties (data minimization), and should limit access to personal data to those who need it to carry out the processing.

Data Protection Officers (DPOs)
DPOs are employees who will be hired for their expert knowledge of data protection laws and practices if the processing is carried out by a public authority (except for courts or independent judicial authorities acting in their judicial capacity), or if, in the private sector, processing is carried out by a controller whose core activities consist of processing operations that require regular and systematic monitoring of the data subjects.

How Are Mobile Apps Affected by GDPR?

App developers take full responsibility for their users' information and privacy.
Thus, the app must provide complete visibility and control over user data and privacy.

How to get ready for GDPR

  1. Save only the most necessary user data in your app.
  2. Users must agree to a list of data that the app wants to use and save.
  3. Personal information of the user must be encrypted.
  4. Users must have easy access to delete their own data.
  5. Users must be updated when a data breach has occurred.
  6. Be aware of how your SDKs use personal information.
