How to get your app GDPR compliant?

On May 25th 2018, the General Data Protection Regulation (GDPR) will come into force. It will potentially affect any application that collects and handles personal information.

Main aspects of GDPR

  • "Privacy by Design"

    Data protection must be an integral part of a product's development from the beginning.

  • Information

    Subjects should be informed about data processing itself, the data being processed, and the legal basis and duration of the data processing.

  • Explicit Consent

    In certain use cases, data management is only possible with the explicit consent of the subject.

  • Subject rights

    We must make sure that subjects of the data processing can exercise their rights (such as the right to be informed, right to access, right to rectify, right to object or restrict processing, and right to be forgotten) in an appropriate manner.

  • Security

    We need to ensure proper data protection both in the traditional sense of systems security and in terms of processes. We must effectively detect possible data breaches and report them to the competent authorities within 72 hours.

  • Documented data processing

    We need to document the purpose, legal basis and duration of the data processing, the movement of the data within the organization, the way the data is being processed, the possible transfer of the data to third parties, and the circle of those who can access the data.

How we can help

  • In case of new apps

    From the beginning, we design your app to be GDPR compliant. During development we prepare all the documentation that allows your lawyers to assess your data processing, verify its compliance with the law, and prepare the necessary legal documents for you. If required, we will work with your legal team to implement data processing within the app.

  • In case of existing apps

    During our audit, we fully map and document the movement of data within your existing app and organization. We perform penetration testing and general security tests, inform you about the potential vulnerabilities, and fix them. We make suggestions on how to make your existing app GDPR compliant, and help you implement the required features.

Don't know where to start?

We provide a variety of entry-point services to our customers. If you are interested in the details, check out our services page or contact us.