Select Page

Are you ready for GDPR compliance?

20 action items to make your product GDPR compliant

Talk to our Consultant
GDPR Compliance

20 Action items to make your product GDPR compliant

If you have even a single EU user registered on your platform you need to be GDPR compliant ready. The General Data Protection Regulation(GDPR) is designed to impact the businesses with connections to Europe broadly. GDPR is meant to protect data of EU citizens all across the EU nations. The personal data protected under GDPR includes but not restricted to data such as mailing address, payment information, product purchases, employee data, IP address, and so on. Non-compliance with GDPR may either fine companies up to 20 million Euros or 4% of the annual revenue for the prior year. If you own an app, website, software or any digital platform, ready further to understand how to get your product GDPR compliance ready.

What is GDPR Compliance?

GDPR stands for General Data Protection Regulation. It is applicable to the companies that have to collect and process data which belongs to European Union Citizens. This law will replace the Data Protection Directive 95/46/ec in Spring 2018 as the primary law which regulates how companies protect the personal details of EU citizens. This law is not just admissible to companies with operations in EU but also to applications or websites that gather sensitive data of EU citizens.

GDPR Deadline

The last date for compliance with the European Union General Data Protection Regulation is 25th May 2018. The companies unable to comply with GDPR before the scheduled deadline will have to pay a hefty fine.

Who should care about GDPR compliance ready?

All software developer, startups, companies who has any sort of software, apps, website that they own, need to be GDPR compliant.

What technology products are required to be complaint ready?

  1. iPhone App
  2. iPad App
  3. Android App
  4. Windows App
  5. Apple TV Apps
  6. Smart TV Apps
  7. Web Portals
  8. Marketing Websites
  9. APIs
  10. Cloud storage
  11. Browser Extensions

Points to be considered while making your product GDPR compliance ready or improving the security of data

    1. If you have even a single EU user registered on your platform you need to be GDPR compliant ready.
    2. Distinguish between what user data is necessary to run the platform and what user data is being collected to run business intelligence.
    3. The right of access, states that user must be aware of that the app is collecting user’s personal information with the intention to save it. Take user permission before collecting any of the following information:
      • Storing Cookies on the device
      • Saving data in the cloud or 3rd party storage
      • Tracking user activities or behavior on the platformGive user an option to clear all historical data
    4. Give the user an option to export all the data
    5. Give the user an option to delete everything
    6. Use secured protocols like https, SFTP to transfer data on the network
    7. Use 2-way Authentication or OAuth 2.0 standards for authentication
    8. User permission and access control should be revised to comply with GDPR
    9. Make sure sensitive information like passwords etc are hashed and saved on encrypted databases or filesystems with restricted access to IPs.
    10. Make sure cookies and sessions are cleared out once the user logs out
    11. The privacy policy should clearly define what all information is being saved in the system
    12. The user should be well informed of the data being shared with third parties if any
    13. The user should be made aware immediately in case of any Data Breach
    14. If you are logging data into an analytics tool, like Google Analytics, Mixpanel or anything similar, you will need to provide an interface so that user can view and delete the data.
    15. Provide user a form or email address for consent withdrawal or filling any complaint related to privacy policy
    16. Make sure you sent notifications if you modify or change the privacy policy

Few other security measures to consider

  1. All the API’s or Web Portals should be protected against DDoS/CORS and other security vulnerabilities
  2. Any API or web service that will allow the user to export the data, should comply with highest security measures such as:
    • SHA256 encryption,
    • Https enabled
    • OAuth 2.0 standard implementation for the APIs,
    • DDoS/CORS security,
    • IP restriction,
    • Throttle handling
    • Circuit break mechanism for delayed responses
  3. All security credentials saved locally on the client interfaces like mobile apps, browser etc, should be hashed and encrypted. If possible, perform a secured handshake on each session creation.
  4. Perform a monthly audit of your security standards for all the component and keep revising the security practices based on the industry learning.

LeewayHertz provides end to end service to make an app, website or a platforms GDPR ready.

Webinar Details

Author’s Bio

Akash Takyar
Akash Takyar
CEO LeewayHertz
Akash Takyar is the founder and CEO at LeewayHertz. The experience of building over 100+ platforms for startups and enterprises allows Akash to rapidly architect and design solutions that are scalable and beautiful.
Akash's ability to build enterprise-grade technology solutions has attracted over 30 Fortune 500 companies, including Siemens, 3M, P&G and Hershey’s. Akash is an early adopter of new technology, a passionate technology enthusiast, and an investor in AI and IoT startups.
Write to Akash

Start a conversation by filling the form

Once you let us know your requirement, our technical expert will schedule a call and discuss your idea in detail post sign of an NDA.
All information will be kept confidential.

Follow Us