Make your App GDPR Compliance Ready

What is GDPR?

GDPR stands for General Data Protection Regulation. The regulation will get enforced from May 25th, 2018 and it will be mandatory for apps and website to be GDPR compliance ready. This law will give EU citizens more control over their personal information collected and handled by the companies.

GDPR applies to any organization that holds information of even a single resident from European Union (EU), regardless of the location of the company. Many organizations outside the European Union are unaware that the EU GDPR regulation applies to them as well.

If a company provides services or offer goods to EU residents, then the digital assets like website and apps must meet the GDPR compliance. Here is the complete list of company’s digital products that require GDPR compliance.

10 UX changes to make an app GDPR compliant

GDPR on apps/websites will have a significant impact on how the users are going to interact and provide information.

Here are the ten critical UI changes to interact with the users. To get a complete GDPR audit report, get in touch with experts from LeewayHertz.

1. Don’t merge the consents together

GDPR says explicitly that Terms and Condition and Privacy policy should be separate consents. These consents should be visible to the users and as shown below for a hotel room booking app.

Webinar Details

Author’s Bio

Akash Takyar

CEO LeewayHertz

Akash Takyar is the founder and CEO at LeewayHertz. The experience of building over 100+ platforms for startups and enterprises allows Akash to rapidly architect and design solutions that are scalable and beautiful.
Akash's ability to build enterprise-grade technology solutions has attracted over 30 Fortune 500 companies, including Siemens, 3M, P&G and Hershey’s. Akash is an early adopter of new technology, a passionate technology enthusiast, and an investor in AI and IoT startups.

Write to Akash

Correct way of making app login GDPR Compliant

Non-GDPR compliant signup process

2. Explain reason to the users

While collecting personal information from the users on the app like email, phone number, or the address, inform the basis for data collection. Increase transparency and let them know the specific reason for any field collection. Here is an excellent way to show information to the users.

3. Subscription Management

After the customers give consent to communicate, they should be given controls to manage various subscriptions and communication channels. All options should be set to ‘off’ by default. Users should be asked where they want to receive communications like phone, email or both.

4. Ask Access Duration

A user can set a time limit for the companies to track or access their information like location, contact list, photo gallery or messages.
Once the approved time is over, the data should then be deleted or archived.

5. Allow the user to edit information

Users should be allowed to modify the data without notice to the organization.

6. Allow users to view data

A user should be able to see and download the data shared with the organization. Ideally, the information should be emailed on request.

7. Allow users to delete data

Users should have the option to remove all or any data from the database for any time range. For example on a hotel booking app, a user should be able to delete his booking history, browsing or search history, location data or more by selecting a date range.

8. Allow users to delete an account

Apps should have an option for users to remove a statement from the database. Users should also be informed of what will happen if they cancel the account. Asking for a password before deleting the account should be mandatory.

9. Information changes in data usage policy

All platform users should be informed about any changes in the data usage policy. Find a way to show the notification to the users and take consent.

10. Secure the user data

User data security should be the utmost priority. Companies can be fined up to 2% of their yearly revenue in case there is a data breach. Follow these steps to secure the sensitive data:
Send data to the third-party applications through HTTPS.
Store encrypted data on the local server.
Follow best practices in cloud security no root access, whitelisted ssh IPs,12-factor apps, strong passwords, team password management tools, workplace security, firewalls to reduce attack surface, clean desk policies, etc.)

Who can help me?

The points stated above are few examples of how companies can modify their apps. Executing changes to make an app GDPR compliance ready will need significant modifications in the interface design, user experience, and user permissions. To get a detailed and custom GDPR audit report, contact consultants or an agency that has experience working with other companies.

To fully comply with the law, the following teams need to work together:

Usability and interface designers
Developers (iOS/Android/Web)
Analytic Team
Legal Advisor
Security Team