
12 Essential Steps for GDPR Compliant Mobile App


The new GDPR regulation, which was enacted in May 2018, will completely change the way companies use and manage the personal data of their users. For organizations that operate in Europe or gather personal data of EU citizens residing in any part of the world, this means reviewing the technical implications that these updated laws will have on their web applications or online operations. How do you implement an application that's compliant with the EU directive that provides complete control of personal data to users? Here are 12 guidelines:

Published in: Technology


  1. 12 Essential Steps for GDPR Compliant Mobile App
  2. What is GDPR? The new GDPR regulation, which was enacted in May 2018, will completely change the way companies use and manage the personal data of their users. For organizations that operate in Europe or gather personal data of EU citizens residing in any part of the world, this means reviewing the technical implications that these updated laws will have on their web applications or online operations.
  3. Consequences of non-compliance with GDPR: Organizations that fail to comply with GDPR risk being levied huge fines in the range of €1 million or 2% of global turnover, or €2 million or 4% of global turnover, depending on the sensitivity of the data.
  4. Four Most Important Aspects of the Law: 1. Easier Access to Your Own Data; 2. A Right to Data Portability; 3. A Clarified Right to be Forgotten; 4. The Right to Know When Your Data Has Been Hacked.
  5. How do you implement an application that's compliant with the EU directive that provides complete control of personal data to users? Here are 12 guidelines.
  6. Guideline 1: Analyze whether all the personal data requested by the app is actually needed. Ideally, a privacy-minded implementation stores as little of the users' personal details as possible (birth date, name, country of residence, etc.).
  7. Guideline 2: All personal data should be encrypted, and users informed about it. If an application needs to save personal information, that data should be protected with reliable and strong algorithms. The deck names hashing as an example; note that hashing is one-way and therefore suits values that only need to be verified (such as passwords), while data the app must read back needs reversible encryption.
  8. Guideline 3: Use protocols such as OAuth for data portability. Single sign-on protocols such as OAuth allow users to create accounts by simply providing the details of another account.
  9. Guideline 4: Use HTTPS to enforce secure communications. Steps should be taken to make sure that the SSL/TLS certificate has been properly deployed, to prevent exposure to vulnerabilities related to the SSL protocols.
  10. Guideline 5: Inform users about personal data collected from 'contact us' forms, and encrypt that data. Users must be informed about how this data will be stored and how long it will be retained.
  11. Guideline 6: Make sure sessions and cookies expire and are destroyed after logout. Users must be made aware of the application's use of cookies.
  12. Guideline 7: Get users' consent to track activity for business intelligence. Whenever user behavior is monitored and stored for business intelligence, users should be given the option to accept or reject the tracking.
  13. Guideline 8: Inform users about logs that save location or IP addresses. Users should be told about the use of IP addresses or location parameters that help with authentication and authorization.
  14. Guideline 9: Encrypt logs and store them in a safe place. Keep logs that contain user information in a secure location, and tell users what happens to these logs.
  15. Guideline 10: Prevent security questions from relying on users' personal data. The security questions used to confirm user identity should not include personal information.
  16. Guideline 11: Provide clear terms and conditions and ensure they are visible so that users read them. Terms and conditions need to be placed on the landing page of any web application and need to be clearly visible to users as they navigate the application.
  17. Guideline 12: Keep users informed about any data sharing with third parties, and delete data on service deactivation. Organizations or entities that share personal data with third parties, including external plugins, affiliates, or government organizations, should state this in the terms and conditions.
  18. Contact Us. Los Angeles: 28310 Roadside Dr, STE 255, Agoura Hills, Los Angeles, California 91301, Phone: +1 818-318-0727. New Jersey: 100 Overlook Center, 2nd Floor, Princeton, New Jersey 08540, Phone: +1 609-375-2017. Noida: 8th Floor, Tower A, Green Boulevard, Plot No. B-9/A, Sector-62, Noida, Uttar Pradesh, INDIA, Phone: +91 120 4589900. www.techaheadcorp.com
  19. Contact us to get your mobile app GDPR compliant: sales@techaheadcorp.com
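Guideline 2 names hashing as a way to protect stored personal data. Hashing is one-way, so it fits a value the app only ever needs to verify, such as a password. The following is an added example (not code from the original deck or from TechAhead) using Python's standard library: a per-user random salt, the memory-hard scrypt function, and a constant-time comparison. The cost parameters are assumptions chosen to fit in roughly 16 MiB of memory per hash.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed cost parameters: scrypt needs about 128 * n * r bytes, ~16 MiB here.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2 ** 14, 8, 1, 32


def hash_password(password: str) -> str:
    """Return a self-describing record: algorithm, salt and derived key.

    The password itself is never stored; only the one-way scrypt output is,
    so a leaked table cannot be turned back into the original secrets.
    """
    salt = secrets.token_bytes(16)  # fresh random salt for every record
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return "$".join(("scrypt",
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(key).decode("ascii")))


def verify_password(password: str, stored: str) -> bool:
    """Recompute the key from the stored salt and compare in constant time."""
    try:
        algo, salt_b64, key_b64 = stored.split("$")
    except ValueError:
        return False  # malformed record: reject rather than crash
    if algo != "scrypt":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(key_b64)
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    # compare_digest does not stop at the first differing byte, so timing
    # does not reveal how much of the guess was correct
    return hmac.compare_digest(candidate, expected)
```

Because the output cannot be reversed, this pattern does not protect a field the app must later display (a name or a birth date); such data needs reversible encryption with a key kept outside the database.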

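Guideline 6 asks that sessions and cookies expire and are destroyed at logout. As an added example (not code from the original deck or from TechAhead), the following server-side session store issues an opaque random token, enforces an idle timeout, purges expired records on lookup, and deletes the record at logout so a stolen cookie cannot be replayed; the 15-minute timeout, the cookie name `sid` and the injectable clock are assumptions for illustration.

```python
import secrets
import time
from dataclasses import dataclass

SESSION_TTL_SECONDS = 15 * 60  # assumed idle timeout


@dataclass
class Session:
    user_id: str
    expires_at: float


class SessionStore:
    """Server-side session table keyed by an opaque random token."""

    def __init__(self, clock=time.time):
        self._clock = clock  # injectable so expiry can be tested deterministically
        self._sessions: dict[str, Session] = {}

    def create(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = Session(user_id, self._clock() + SESSION_TTL_SECONDS)
        return token

    def lookup(self, token: str):
        """Return the user for a live session, or None if unknown or expired."""
        s = self._sessions.get(token)
        if s is None:
            return None
        if self._clock() >= s.expires_at:
            del self._sessions[token]  # purge so the token can never be revived
            return None
        return s.user_id

    def logout(self, token: str) -> None:
        # Destroy the server-side record; clearing the cookie alone leaves
        # the token valid for anyone who captured it.
        self._sessions.pop(token, None)


def session_cookie(token: str) -> str:
    """Set-Cookie value: sent only over HTTPS, hidden from script, bounded lifetime."""
    return (f"sid={token}; Max-Age={SESSION_TTL_SECONDS}; Path=/; "
            "Secure; HttpOnly; SameSite=Lax")


def clear_cookie() -> str:
    """Set-Cookie value that tells the client to discard the session cookie."""
    return "sid=; Max-Age=0; Path=/; Secure; HttpOnly; SameSite=Lax"
```

On logout the handler calls `store.logout(token)` and answers with `clear_cookie()`; the server-side deletion is what actually ends the session.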