6 steps to get GDPR compliant on your Mobile app

Many companies worked hard to get on top of the GDPR before the General Data Protection Regulation was ratified on May 25, 2018. In that intense process, a lot of companies forgot their mobile apps.

Becoming GDPR compliant by May 25, 2018 was a great challenge for many companies. Just getting an overview of the personal data in company-owned databases and bringing the processing of that data under control was a big task in itself. This is why your company may have overlooked whether your mobile app complies with the legal requirements for the processing of personal data under the GDPR.

Data breaches from mobile apps

When a user downloads your company's mobile app onto a mobile device, the app begins to collect personal information about the user. This data is shared with your company. Along the way, however, there is a risk that the data leaks to third-party data processors.

Information about usage of the app can also be collected through components embedded in the app during development, or via online and cookie identifiers from advertising networks. Furthermore, the users' personal data may be shared with third parties outside the EU/EEA, possibly in an insecure third country, which is not allowed without valid consent. If you share personal data with third parties via your mobile app, you are required to put a data sharing agreement and a data processing agreement in place with each relevant third party.

Before long, the data protection agency will issue fines

If you do not have appropriate records and governance of your users' data in place to demonstrate your GDPR compliance, you risk being fined. Recently, the European data protection agencies announced that they will regularly fine violations of the GDPR.

The General Data Protection Regulation defines personal data as data that can be used to identify individual users, such as name, phone number and address. It also covers digital information that makes it possible to identify an individual directly from the information you are processing, such as GPS location, online and cookie identifiers, mobile Ad ID, device ID and the like, which can be collected together with the behavioral data the app gathers about the user continuously.

To avoid abuse or misuse of your users' personal data, your company is required to review its digital content against the GDPR guidelines for data processing. This also applies to your data traffic, registration, processing and storage, as well as to the data processing agreements with your suppliers.

It is all about your users’ trust

An analysis by Ofcom (the Office of Communications) and the UK data protection agency reveals that a large proportion of British internet users are concerned that their privacy is not sufficiently protected online. For instance, they are worried that their personal data are being abused or misused. It is therefore necessary that you protect your users' data when they use your mobile app.

Aside from following EU law, offering a GDPR compliant mobile app also maintains and promotes users’ trust in your digital service.

How to get started with mobile app compliance

1. Get a complete overview of your app and document its data collection and data processing

You must have an overview of which personal data your app collects directly from the user's device and transfers to your company or to third parties. Get your mobile app scanned and analyzed with respect to its data collection and data processing.

2. Inform the users of the app about the data collection and data processing

Your privacy policy must be available to the users of the app and must provide information about data collection and data processing. Inform users about why their personal data are collected, who processes the data and for how long the data are stored.

3. Inform the users when you share their personal data with third parties

You must inform the users when you share their personal data with third parties. Clarify who receives their personal data and why those recipients process it.

4. You are required to collect the users’ consents

You must collect the users' consents, and the content of the consent form must be sufficient to allow the processing of the users' personal data.

5. Be accessible and available for the users of your app

The users of your mobile app must be able to easily contact your company to gain access to the personal data you store about them.

6. Apply appropriate security measures to protect the users’ personal data

You must implement appropriate technical security measures to protect the personal data processed by your mobile app. Assess whether personal data are stored in a protected format, whether data is shared over an encrypted, secure connection, and whether the app relies only on trusted certificates for that connection.
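As an added illustration of the transport-security part of this step (this is example code written for this article, not a tool from Cookie Information), the script below audits an Android network security configuration, the XML file in which an app declares whether cleartext (HTTP) traffic is permitted, which certificate authorities it trusts and whether it pins server certificates. Both configurations are constructed samples; `api.example.com` and the pin values are placeholders, and the audit only inspects top-level `base-config` and `domain-config` elements.

```python
"""Audit an Android network_security_config.xml for settings that weaken the
protection of personal data in transit. Example code added to this article;
not part of Cookie Information's products."""
import xml.etree.ElementTree as ET

# Constructed sample: a weak configuration. It allows plain HTTP, trusts
# user-installed CA certificates and does not pin the API's certificate.
WEAK_CONFIG = """
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system"/>
            <certificates src="user"/>
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
    </domain-config>
</network-security-config>
"""

# Constructed sample: the hardened counterpart. Only TLS, only the system
# trust store, and a pin set with a backup pin (pin values are placeholders).
HARDENED_CONFIG = """
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <pin-set expiration="2026-01-01">
            <pin digest="SHA-256">PLACEHOLDER_PRIMARY_SPKI_HASH=</pin>
            <pin digest="SHA-256">PLACEHOLDER_BACKUP_SPKI_HASH=</pin>
        </pin-set>
    </domain-config>
</network-security-config>
"""


def audit_network_security_config(xml_text: str) -> list[tuple[str, str]]:
    """Return (code, detail) findings; an empty list means nothing was flagged."""
    root = ET.fromstring(xml_text)
    findings: list[tuple[str, str]] = []

    def check_trust_anchors(node: ET.Element, scope: str) -> None:
        # Trusting "user" anchors lets any CA installed on the device vouch for
        # the API, which weakens the guarantee that only trusted certificates are used.
        for cert in node.iterfind("trust-anchors/certificates"):
            if cert.get("src") == "user":
                findings.append(("USER_CA", f"{scope} trusts user-installed CA certificates"))

    base = root.find("base-config")
    if base is None:
        findings.append(("NO_BASE_CONFIG",
                         "no base-config; cleartext policy falls back to the platform default"))
    else:
        if base.get("cleartextTrafficPermitted", "").lower() == "true":
            findings.append(("CLEARTEXT", "base-config permits cleartext (HTTP) traffic"))
        check_trust_anchors(base, "base-config")

    for dc in root.iterfind("domain-config"):
        domains = [d.text.strip() for d in dc.iterfind("domain") if d.text]
        scope = "domain-config for " + ", ".join(domains)
        if dc.get("cleartextTrafficPermitted", "").lower() == "true":
            findings.append(("CLEARTEXT", f"{scope} permits cleartext (HTTP) traffic"))
        check_trust_anchors(dc, scope)
        pins = dc.findall("pin-set/pin")
        if not pins:
            findings.append(("NO_PINS", f"{scope} has no certificate pins (pinning is optional hardening)"))
        elif len(pins) < 2:
            findings.append(("SINGLE_PIN", f"{scope} has no backup pin; a key rotation could lock users out"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {audit_network_security_config(cfg) or 'no findings'}")
```

Run against the weak sample, the audit reports cleartext traffic, user-installed CA trust and missing pins; the hardened sample produces no findings. The same three questions apply to any platform: is the channel always TLS, which roots does the app trust, and does it pin the server's key where the risk justifies it.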

About Cookie Information

Cookie Information is a privacy tech company specialized in developing software that helps you and your company ensure that your websites and mobile apps are GDPR and ePrivacy compliant. We help more than 1,000 companies and handle more than 4 billion consents each year.

Cookie Information is a global provider founded in Copenhagen, Denmark in 2011. We employ 25 highly qualified colleagues. Half of our employees work from our office in Copenhagen and the others from our office in Oslo and with our development partners. Cookie Information provides solutions globally.