Main aspects of GDPR
"Privacy by Design"
Data protection must be an integral part of a product's development from the beginning.
Subjects should be informed about data processing itself, the data being processed, and the legal basis and duration of the data processing.
In certain use cases, data management is only possible with the explicit consent of the subject.
We must make sure that the subjects of the data processing can exercise their rights (such as the right to be informed, right to access, right to rectify, right to object or restrict processing, and right to be forgotten) in an appropriate manner.
We need to ensure proper data protection both in the traditional sense of systems security and in terms of processes. We must effectively detect possible data breaches and report them to the competent authorities within 72 hours.
Documented data processing
We need to document the purpose, legal basis and duration of the data processing, the movement of the data within the organization, the way the data is being processed, the possible transfer of the data to third parties, and the circle of those who can access the data.
How we can help
In case of new apps
From the beginning, we design your app to be GDPR compliant. During development we prepare all the documentation that allows your lawyers to assess your data processing, verify its compliance with the law, and prepare the necessary legal documents for you. If required, we will work with your legal team to implement data processing within the app.
In case of existing apps
During our audit, we fully map and document the movement of data within your existing app and organization. We perform penetration testing and general security tests, inform you about the potential vulnerabilities, and fix them. We make suggestions on how to make your existing app GDPR compliant, and help you implement the required features.