The new GDPR regulation, which was enacted in May 2018, will completely change the way companies use and manage personal data of their users. For organizations that operate in Europe or gather personal data of EU citizens residing in any part of the world, this means reviewing the technical implication that these updated laws will have on their web applications or online operations. How do you implement an application that’s compliant with the EU directive that provides complete control of personal data to users? Here are 12 guidelines:

1. t12 Essential Steps for GDPR
Compliant Mobile App
12 Essential Steps for
GDPR Compliant Mobile App

2. What is GDPR?
The new GDPR regulation, which was enacted in
May 2018, will completely change the way
companies use and manage personal data of their
users. For organizations that operate in Europe or
gather personal data of EU citizens residing in any
part of the world, this means reviewing the technical
implication that these updated laws will have on
their web applications or online operations.

3. Consequences of non-
compliance with GDPR
Organizations that fail to implement GDPR risk being
levied huge fines in the range of €1 million or 2% of
the global turnover, or €2 million or 4% of the global
turnover, depending on the sensitivity of the data.

4. Four Most Important
Aspects of the Law
1. Easier Access to Your Own Data
2. A Right to Data Portability
3. A Clarified Right to be Forgotten
4. The Right to Know When Your Data Has Been
Hacked

5. How do you implement an application
that’s compliant with the EU directive that
provides complete control of personal
data to users?
Here are 12
guidelines

6. Analyze whether all the
personal data requested
by app is actually needed
Ideally, a privacy implementation should
save as little as possible of the users’
personal details, such as birth date, name,
country of residence, etc.
1.

7. All personal data should
be encrypted, and users
informed about it
If an application needs to save personal
information, this data should be encrypted
using reliable and strong encryption
algorithms, such as hashing.
2.

8. Use protocols such as
OAUTH for data
portability
Single sign-in protocols such as OAUTH
allow users to create accounts by simply
providing details of another account.
3.

9. Use HTTPS to enforce
secure communications
The steps should be taken to make sure
that the SSL certificate has been properly
deployed to prevent exposure to
vulnerabilities related to SSL protocols.
4.

10. Inform users about
personal data from
‘contact us’ forms and
encrypt the data
Users must be informed about the way
this data will be stored and of the duration
for which it will be retained.
5.

11. Make sure sessions and
cookies expire and are
destroyed after logout
Users must be made aware of the use of
cookies by the application.
6.

12. Get users’ consent to
track activity for business
intelligence.
Whenever user behavior is being
monitored and stored for business
intelligence, the users should be given the
option to accept or reject tracking.
7.

13. Inform users about logs
that save location or IP
addresses
Users should be told about use of IP
addresses or locations parameters that
help with authentication and
authorizations.
8.

14. Encrypt logs and store in
a safe place
Keep logs that contain user information in
a secure location place and update users
about what happens to these logs.
9.

15. Prevent security
questions from turning
on users’ personal data
The security questions used as a method
to confirm user identity should not include
personal information.
10.

16. Provide clear terms and
conditions and ensure visibility
so that users read them
Terms and conditions need to be placed
on the landing page of any web
application and need to be extremely
visible to the users when they navigate the
application.
11.

17. Keep users informed about
any data sharing with third
parties and delete data on
service deactivation.
Organizations or entities that share
personal data with third parties, including
external plugins, affiliates, or government
organizations, should mention the fact in
the terms and conditions.
12.

18. Los Angeles
28310 Roadside Dr, STE 255,
Agoura Hills, Los Angeles, California 91301
Phone : +1 818-318-0727
New Jersey
100 Overlook Center, 2nd Floor,
Princeton, New Jersey, 08540
Phone : +1 609-375-2017
Noida
8th Floor, Tower A,
Green Boulevard, Plot No.B-9/A,
Sector-62, Noida, Uttar Pradesh, INDIA
Phone : +91 120 4589900
www.techaheadcorp.com
Contact Us

19. Contact us to get your mobile app GDPR compliant
sales@techaheadcorp.com