As most of you will already be aware, the General Data Protection Regulation is due to come into force on 25th May this year. The new law has been created to ensure EU citizens have better protection over their personal data and the way it’s handled by organisations.
Personal data is defined as any record that can identify an individual – such as names, addresses and phone numbers. Under the new regulation, digital information such as GPS locations and usernames is also classed as personal data, which means that you as an app owner, and the majority of businesses, will be affected by the regulation.
The new changes mean you’ll now be responsible for much more than just keeping your customers’ details safe – you will need to be as transparent as possible about your data. It’s important to make clear what your processes are for keeping and discarding data, and to keep a record of any changes you make and of when a record is accessed (this applies to digital and physical records).
In order to become compliant you will need to gain an understanding of what data you already hold, where it has come from and how you are using it – this can be achieved by conducting a data audit. Collating this information will allow you to assess the strength of your company’s security and pinpoint any vulnerabilities within your network that may be putting your customers’ data at risk.
It’s also important to note that your developers, whether in-house or part of an agency, need to encrypt and secure all data that moves between your app and your servers, as well as hashing users’ passwords.
There are five main areas of the General Data Protection Regulation that you will need to consider for your app:
Data Breach Notification
The new regulation shortens the time a business has to report a data breach and notify its users. All data breaches must now be reported to the national supervisory authorities within 72 hours.
To ensure you’re prepared for the worst-case scenario, it’s a good idea to create a disaster recovery plan and to make sure your technology is capable of efficiently protecting your data.
Consent
All organisations are now required to ask for users’ consent before sign-up. You must be upfront about what data you are collecting, why you are collecting it, and how you will store, process and protect it. This means your privacy policies will need to be updated to reflect the new requirements. You must also ensure that your policies are written in clear and concise language that is appropriate to your target market.
Privacy by Design
When developing an app, the GDPR expects businesses to build privacy and data protection in from the start of a new project. This means the protection of data should be the number one consideration throughout the entire life cycle of a project.
Right to be Forgotten
According to the General Data Protection Regulation, a data subject has two rights here: the right to erasure, and the right to have their data no longer processed for the purpose for which it was originally collected. This means users can request changes to their data and can request that all of their data be removed – this includes servers and backup systems, so that the data cannot be recovered.
Data Protection Officers
Depending on your industry, you may find it beneficial to employ a data protection officer who is responsible for facilitating the new regulation. The officer will be responsible for communication between your business and the national authorities, as well as for ensuring all policies are updated and compliant.
Although the new rules and regulations aren’t in force yet, it’s a good idea to start looking at the way your app uses data and speaking to your development team to gain a better understanding of how your app currently processes data – this will ensure you have time to make the necessary adjustments before your app goes live. It’s important that you have complete visibility and control over your app servers and their activity to ensure the protection of your users’ data.
We want to help you on your journey to becoming compliant and to ensure that all of your projects are in line with the data regulations. We’re still learning ourselves, and we’ll share anything we learn with you; in the meantime, if you have any concerns about the compliance of your projects, just give us a call on 01625 560 771.