GDPR Mobile App compliant in 6 steps

Many companies worked hard to get on top of the General Data Protection Regulation when it was ratified on May 25, 2018. During the intense process a lot of companies forgot their mobile apps.

Are you sending data to insecure third countries?

Becoming GDPR compliant on May 25, 2018, was a great challenge for many companies. To get an overview of the personal data in company-owned databases and master the processing of data was a great task for many. That is why your company may have overlooked whether your mobile app complies with the legal demands for processing personal data required by GDPR.

Data breaches from mobile apps

When a user downloads your company’s mobile app onto a mobile device, the app begins to collect personal information about the user, sharing data with your company. However, there is a risk of data breaches to third-party data processors.
Components embedded in the app during development or via online and cookie identifiers from advertising networks can also collect information about the app’s usage. Furthermore, the users’ data may also be shared with third parties outside the EU/EEA and possibly with an insecure third country, which is not allowed without valid consent. If you share personal data with third parties via your mobile app, you must create a data sharing and a data processing agreement with the relevant third parties.

Data protection authorities across Europe are issuing fines already

Since January 2019, many European countries have received a fine for breaches of the GDPR. Most notably, the French Data Protection Authority CNIL fined Google €50 million for transparency issues, insufficient information, and lack of valid consent concerning the personalization of ads.
If you do not have appropriate records and governance of your users’ data to demonstrate your GDPR compliance, you may risk getting a fine. The European Data Protection Agencies recently announced that they would regularly give a fine to those who violate the GDPR law.
The General Data Protection Regulation defines personal data as data that can be in use for identifying individual users by name, phone number, and address. However, it can also be the digital information that makes it possible to identify an individual directly from the information you are processing. Such as GPS location, online and cookie identifiers, mobile Ad ID, device ID, etc., which can be collected together with the users’ behavioral data collected continuously using the app.
To avoid abuse or misuse of your users’ data, as a company, you must review your digital content according to GDPR guidelines for data processing. That also applies to your data traffic, registration, processing, storage, and processing agreements with your suppliers.

It is all about your users’ trust

An analysis by Ofcom (the Office of Communications) and the UK Data Protection Agency reveals that many British internet users are concerned that their privacy is not sufficiently protected online. For instance, they are worried that their data is being abused or misused. Therefore, you must protect your users’ data when using your mobile app.

Aside from following EU law, offering a GDPR-compliant mobile app also maintains and promotes users’ trust in your digital service.

How to get started with mobile app compliance?

1. Get a complete overview of your app and document its data collection and data processing

It would be best to overview which personal data your app collects directly from the users’ device, transfers to your company, or third parties. Get your mobile app scanned and analyzed in relation to its data collection and data processing.

2. Inform the users of the app about the data collection and data processing

Your privacy policy must be available for app users and provide information about data collection and processing. Inform users about why their data is collected, who processes the data, and for how long the data is stored.

3. Inform the users about when you share their data to third parties

You must inform the users when you share their data with third parties. Clarify who receives their data and why they process the users’ data.

4. You are required to collect the users’ consent

You must collect the users’ consent, and the content of the consent form must be sufficient to allow the processing of the users’ data.

5. Be accessible and available for the users of your app

Your mobile app users must be able to easily contact your company to gain access to the personal data you store about them.

6. Apply appropriate security measures to protect the users’ data

You must implement appropriate technical security measures to protect the personal data processed by your mobile app. Assess whether personal data is in a protected format, whether data sharing is encrypted via a secure connection, and whether the app applies trusted certificates.
Want to ensure your mobile apps are GDPR compliant? Get in touch with our compliance experts.



The best Consent Management Platform for businesses and brands

250,000 websites already trust us with their GDPR compliance