Many companies worked hard to get on top of the General Data Protection Regulation before it was ratified on May 25, 2018. In the intensity of that process, a lot of companies forgot their mobile apps.
Becoming GDPR compliant by May 25, 2018 was a great challenge for many companies. Merely getting an overview of the personal data held in company-owned databases and getting the processing of that data under control was a major task for many. This is why your company may have overlooked whether your mobile app complies with GDPR's legal requirements for the processing of personal data.
Data breaches from mobile apps
When a user downloads your company’s mobile app onto a mobile device, the app begins to collect personal information about the user. This data is shared with your company. Along the way, however, there is a risk that the data is exposed to third-party data processors.
Information about usage of the app can also be collected through components embedded in the app during development, or via online and cookie identifiers from advertising networks. Furthermore, the users’ personal data may also be shared with third parties outside the EU/EEA, possibly in a third country that is not considered secure, which is not allowed without a valid consent. If you share personal data with third parties via your mobile app, you are required to put a data sharing agreement and a data processing agreement in place with each relevant third party.
Data Protection Authorities across Europe are issuing fines already
Since January 2019, data protection authorities in a number of European countries have issued fines for breaches of the GDPR. Most notably, the French Data Protection Authority CNIL fined Google €50 million for transparency issues, insufficient information and lack of valid consent concerning personalization of ads.
If you do not have appropriate records and governance of your users’ data in place to be able to demonstrate your GDPR compliance, you risk being fined. Recently, the European data protection agencies announced that they will regularly fine violations of the GDPR.
The General Data Protection Regulation defines personal data as data that can be used to identify an individual user, such as name, phone number and address. However, it can also be digital information that makes it possible to identify an individual directly from the information you are processing, such as GPS location, online and cookie identifiers, mobile Ad ID, device ID etc., which can be combined with the behavioral data the app collects continuously about its users.
To avoid abuse or misuse of your users’ personal data, as a company you are required to review your digital content in accordance with the GDPR guidelines for data processing. This also applies to your data traffic, registration, processing and storage, as well as to the data processing agreements with your suppliers.
It is all about your users’ trust
An analysis by Ofcom (the Office of Communications) and the UK Data Protection Agency reveals that a large proportion of British internet users are concerned that their privacy is not sufficiently protected online. For instance, they are worried that their personal data is being abused or misused. It is therefore essential that you protect your users’ data when they use your mobile app.
Aside from complying with EU law, offering a GDPR compliant mobile app also maintains and promotes users’ trust in your digital service.
How to get started with mobile app compliance
Are you ready to take the next step towards securing your app data? Book a meeting with our compliance experts and we will perform a GDPR audit of your app.