The European Union’s General Data Protection Regulation (GDPR) came into force on May 25th, 2018. It replaces the patchwork of national data protection laws with a single set of rules that apply across the European Union, and it imposes on digital enterprises privacy obligations that the earlier rules lacked. What makes GDPR such a serious legal statute is its fines: non-compliance can attract a penalty of up to €20 million or 4% of annual worldwide turnover, whichever is higher.
The impact of GDPR is not limited to the borders of the EU or to any specific industry. It applies to any organization, wherever it is based, that processes the personal data of people in the EU, so it changes the way business models are created, mobile apps are built and users are treated.
GDPR and Mobile App Development – Steep Curves Ahead
An average mobile user uses at least 9 mobile apps on a daily basis. Mobile app development has grown into one of the most active industries of the past decade. The modern mobile app ecosystem, made up of instant messengers, social media platforms, image sharing apps and much more, collects tonnes of user information in real time.
These apps collect an endless list of user information, ranging from real-time location to age, gender, language, preferences, browser cookies, phone contacts and messages. Thanks to technologies like data mining, machine learning and predictive analytics, these apps often know their users better than the users know themselves, and that is a privacy threat.
In fact, a large majority of the mobile apps in use today could be non-compliant with GDPR. The recent controversy involving Facebook and Cambridge Analytica has also dampened public sentiment about data privacy.
Are all mobile app developers at fault? Not necessarily. Much of this data is collected to deliver a truly personalized mobile app experience that keeps users engaged. Unfortunately, a few bad apples have made things tougher for the good ones too, and rigid statutes like GDPR are the result.
Now, let’s dive deep and see what GDPR is all about and how it would influence the way you build mobile apps in the future.
Things App Developers Must Know to Develop GDPR Compliant Mobile Apps
Going forward, mobile app developers must make sure they are on the right side of GDPR to avoid being fined. That means securing customer data properly, collecting data only with permission, and meeting a long list of other requirements.
Here is a quick breakdown of them.
- Obtain User Consent for Info Collection
The mobile app must convey its terms and conditions of use in a transparent manner: written so that any layperson can easily understand them, without excess jargon. Under GDPR, consent must also be freely given, specific, informed and unambiguous (Art. 4(11)), which rules out pre-ticked boxes and consent buried inside the T&C.
- Communicate Why Such Data is Being Collected
GDPR requires mobile app builders to tell their users why the data they collect is being collected and for what purposes. In GDPR terms, every processing activity needs a ‘lawful basis’ (Art. 6); for most consumer apps that basis is the user’s consent, which must be obtained for each stated purpose.
- Include Privacy Right in the Design Stage
User data privacy should be built in from the design stage of the mobile app; GDPR calls this ‘data protection by design and by default’ (Art. 25). For instance, the privacy settings can give the user options to enable or disable each kind of data collection by the app, with collection switched off until the user turns it on.
- Give Users the Option to Revoke Data Collection
The right to erasure is one of the significant rights that GDPR gives users. Art. 15 (right of access) entitles the data subject (the user) to a copy of the personal data undergoing processing; Art. 7(3) lets the user withdraw consent at any time, which stops further collection; and Art. 17 (right to erasure) lets the user have the data collected until then permanently deleted.
For mobile app developers, this translates into giving their users the ability to delete their history of messages, service requests, location data, cookies, or any other form of data the app has collected, and to obtain a copy of that data on request.
- Ensure Data Protection for User Data & Document its Details
Organizations (including mobile app developers) must document how and for what purpose user data is processed (the records of processing in Art. 30) and what technical and organizational measures protect it (Art. 32). This documentation must be made available to regulators on request.
- Have a Breach Response System in Place
When a personal data breach occurs, the mobile app developer must notify the supervisory authority within 72 hours of becoming aware of it (Art. 33), unless the breach is unlikely to result in a risk to users. Where the breach is likely to result in a high risk to users, the affected users must also be notified without undue delay (Art. 34). GDPR also gives individual users the right to seek judicial remedies and compensation from organizations that violate their rights under the regulation.
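The rights in the list above map onto a small amount of backend logic: a record of what each user consented to and when, collection that is refused without an active consent for the stated purpose, an export for access requests, and an erasure that removes the data but keeps a data-free audit entry proving it happened. The following Python is an added illustration written for this page, not code from the original post or from any particular app; the `PrivacyStore` class, the purpose names and the sample user are hypothetical.

```python
"""Consent-gated collection with access, withdrawal and erasure handlers.

Added illustration for this article; names and sample data are constructed.
"""
from __future__ import annotations

from dataclasses import asdict, dataclass
from datetime import datetime, timezone
from typing import Any


@dataclass
class ConsentRecord:
    purpose: str            # why the data is collected, as shown to the user
    policy_version: str     # which wording of the privacy notice was consented to
    granted_at: str         # ISO-8601 UTC timestamps kept as evidence of consent
    withdrawn_at: str | None = None

    @property
    def active(self) -> bool:
        return self.withdrawn_at is None


def _now() -> str:
    return datetime.now(timezone.utc).isoformat()


class PrivacyStore:
    """In-memory stand-in for the app backend's user-data and consent tables."""

    def __init__(self) -> None:
        self._consents: dict[str, dict[str, ConsentRecord]] = {}  # user -> purpose -> record
        self._data: dict[str, dict[str, list[Any]]] = {}          # user -> category -> items
        # The audit trail holds only a user id and an event name, never the data
        # itself, so it can survive erasure as the record that erasure happened.
        self.audit: list[tuple[str, str, str]] = []

    def grant(self, user_id: str, purpose: str, policy_version: str) -> None:
        self._consents.setdefault(user_id, {})[purpose] = ConsentRecord(
            purpose, policy_version, _now())
        self.audit.append((_now(), user_id, f"consent_granted:{purpose}"))

    def withdraw(self, user_id: str, purpose: str) -> None:
        """Art. 7(3): withdrawal is recorded, not deleted, so the history stays provable."""
        rec = self._consents.get(user_id, {}).get(purpose)
        if rec is not None and rec.active:
            rec.withdrawn_at = _now()
            self.audit.append((_now(), user_id, f"consent_withdrawn:{purpose}"))

    def has_consent(self, user_id: str, purpose: str) -> bool:
        rec = self._consents.get(user_id, {}).get(purpose)
        return rec is not None and rec.active

    def collect(self, user_id: str, purpose: str, category: str, item: Any) -> bool:
        """Store one item only if the user currently consents to this purpose."""
        if not self.has_consent(user_id, purpose):
            return False
        self._data.setdefault(user_id, {}).setdefault(category, []).append(item)
        return True

    def export(self, user_id: str) -> dict[str, Any]:
        """Art. 15 (right of access): a copy of everything held about the user."""
        return {
            "consents": [asdict(r) for r in self._consents.get(user_id, {}).values()],
            "data": {k: list(v) for k, v in self._data.get(user_id, {}).items()},
        }

    def erase(self, user_id: str) -> int:
        """Art. 17 (right to erasure): drop the user's data and consent records."""
        removed = sum(len(v) for v in self._data.pop(user_id, {}).values())
        self._consents.pop(user_id, None)
        self.audit.append((_now(), user_id, f"erased:{removed}_items"))
        return removed


def demo() -> dict[str, Any]:
    """Walk one constructed user through grant, collection, withdrawal, export and erasure."""
    store = PrivacyStore()
    uid = "user-42"  # constructed sample user id
    store.grant(uid, "location_personalisation", "2018-05-25")
    accepted = store.collect(uid, "location_personalisation", "location",
                             {"lat": 52.52, "lon": 13.405})
    # No consent was ever given for ad targeting, so this item must be refused.
    refused = store.collect(uid, "ad_targeting", "contacts", "contact-entry")
    store.withdraw(uid, "location_personalisation")
    after_withdrawal = store.collect(uid, "location_personalisation", "location",
                                     {"lat": 48.85, "lon": 2.35})
    exported = store.export(uid)
    erased = store.erase(uid)
    return {
        "accepted": accepted,
        "refused": refused,
        "after_withdrawal": after_withdrawal,
        "exported_items": sum(len(v) for v in exported["data"].values()),
        "erased": erased,
        "left_after_erase": store.export(uid),
        "audit_events": [event for _, _, event in store.audit],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design choice worth noting is that consent is keyed by purpose and policy version rather than stored as a single boolean: when the privacy notice changes, or the user withdraws one purpose, collection for that purpose stops immediately while evidence of the earlier consent remains, and erasure leaves behind only the data-free audit entry.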
The Road Ahead
With the introduction of GDPR, mobile app developers need to ensure that their apps are in compliance with the data protection regulations right from the design stage. The regulation empowers users to seek legal remedies against wrongdoing organizations. Considering the hefty fine that would be imposed on violators, complying with GDPR would be the safe bet.
To bring it all together: collect data from users only after obtaining their explicit consent. Second, make sure every data collection has a lawful basis and a stated purpose. Store the data under strong security controls and document those controls in detail. When things go wrong (a data breach!), have a pre-defined process to alert the necessary stakeholders and take immediate action to limit the damage to user data.
Finally, remember that it is better to be on the right side of the law than anywhere else.