Although we've written about GDPR before, as you've seen in our previous blogs, it's always good to reiterate what GDPR is and how it affects us all. The General Data Protection Regulation, also known as GDPR, was adopted in April 2016 and has applied since 25 May 2018. GDPR governs the processing of personal data, i.e. any data that can identify an individual, directly or indirectly. Identifiers include names, phone numbers and postal addresses, as well as digital information such as usernames, e-mail addresses, IP addresses, device identifiers, location data and more. Every company and organization that processes the personal data of people in the EU must comply, and you must pay special attention when creating an application, because an app collects exactly this kind of data from the moment a user installs it.
What should we know if we want to make a mobile application that is GDPR compliant?
If you keep a registry or database that contains personal data and you have no other legal basis for processing it (an employment contract, a contract for the delivery of goods or services, a legal obligation, etc.), you must obtain the user's consent to process that data. Either way, you must determine who will have access to it, specify how long you will keep it and state the purpose for which you will use it. Consent must be an active choice: a checkbox may no longer be pre-ticked, as was common before; the user has to tick it themselves, and silence or inactivity does not count as consent. When a user registers or logs in to the application, make sure that the application asks only for the minimum amount of information it needs in order to function (data minimization). It is equally important to protect personal data at every stage of application development, because everyone who has access to personal data is responsible for it, so be careful what data you ask for and who in your organization and your third-party SDKs can see it. In addition, your developers should encrypt all data moving between the application and the server (TLS, ideally with certificate validation that cannot be disabled in production builds) and should encrypt sensitive data stored on the device as well.
When creating the application, you must allow users to view, correct and delete their data, and to export it in a machine-readable format. Every organization will need a system or process in place to locate a given person's data and remove it on request. This has to cover all downstream services, analytics and crash-reporting tools, and backup systems: either delete the data from backups as well, or keep backup retention short and documented so that deleted records age out and cannot be restored later. Be prepared for possible additional investment in better tooling to ensure continuous monitoring of where your personal data lives and who accesses it. You will also need an incident response plan: under GDPR a personal data breach must be reported to the supervisory authority within 72 hours of becoming aware of it, which is not feasible without logging and monitoring that already exist before the breach. For application owners, both consumer and enterprise, it is critical that you have complete visibility and control over the usage and activity of the applications and their data, in real time and in a centralized manner.