Make your App GDPR Compliance Ready

What is GDPR?

GDPR stands for General Data Protection Regulation. The regulation will be enforced from May 25th, 2018, and from that date it will be mandatory for apps and websites to be GDPR compliant. This law gives EU citizens more control over the personal information that companies collect and handle.

GDPR applies to any organization that holds information about even a single resident of the European Union (EU), regardless of where the company is located. Many organizations outside the European Union are unaware that the EU GDPR regulation applies to them as well.

If a company provides services or offers goods to EU residents, then its digital assets, such as websites and apps, must meet GDPR compliance. Here is the complete list of a company’s digital products that require GDPR compliance.

10 UX changes to make an app GDPR compliant

GDPR will have a significant impact on how users interact with apps and websites and how they provide information.

Here are the ten critical UI changes in how an app interacts with its users. To get a complete GDPR audit report, get in touch with experts from LeewayHertz.

1. Don’t merge the consents together

GDPR says explicitly that the Terms and Conditions and the Privacy Policy should be separate consents. These consents should be visible to the users, as shown below for a hotel room booking app.

[Image] Correct way of making an app login GDPR compliant

[Image] Non-GDPR compliant signup process

2. Explain reason to the users

While collecting personal information from users in the app, such as email, phone number, or address, state the basis for the data collection. Increase transparency and let them know the specific reason each field is collected. Here is an excellent way to show this information to the users.

3. Subscription Management

After customers give consent to be contacted, they should be given controls to manage the various subscriptions and communication channels. All options should be set to ‘off’ by default. Users should be asked where they want to receive communications: phone, email or both.

4. Ask Access Duration

A user can set a time limit on how long the company may track or access their information, such as location, contact list, photo gallery or messages. Once the approved time is over, the data should be deleted or archived.

5. Allow the user to edit information

Users should be allowed to modify their data without having to notify the organization.

6. Allow users to view data

A user should be able to see and download the data they have shared with the organization. Ideally, the information should be emailed to them on request.

7. Allow users to delete data

Users should have the option to remove all or any of their data from the database for any time range. For example, on a hotel booking app a user should be able to delete their booking history, browsing or search history, location data and more by selecting a date range.

8. Allow users to delete an account

Apps should give users an option to remove their account from the database. Users should also be informed of what will happen if they cancel the account. Asking for the password before deleting the account should be mandatory.
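As an added illustration (not LeewayHertz code), the following minimal in-memory model for a hypothetical hotel-booking app implements the controls from points 3, 4, 7 and 8 together: opt-in channels that are off by default, time-limited access grants whose data is purged on expiry, deletion of history records by date range, and re-authentication before an account is removed. All names and sample values are assumptions for the example.

```python
"""Added example: user-control model for a hypothetical hotel-booking app."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
import hashlib
import hmac
import os


@dataclass
class Account:
    password_hash: bytes
    salt: bytes
    # Point 3: every communication channel is opt-in, so all start 'off'.
    channels: dict = field(default_factory=lambda: {"email": False, "phone": False})
    # Point 4: permission name -> expiry time chosen by the user.
    access_grants: dict = field(default_factory=dict)
    # Point 7: timestamped records (timestamp, kind, payload) so the user
    # can delete by kind and date range.
    history: list = field(default_factory=list)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def new_account(password: str) -> Account:
    salt = os.urandom(16)
    return Account(password_hash=hash_password(password, salt), salt=salt)


def grant_access(acct: Account, permission: str, days: int, now: datetime) -> None:
    """Point 4: the user approves access for a limited number of days."""
    acct.access_grants[permission] = now + timedelta(days=days)


def purge_expired(acct: Account, now: datetime) -> list:
    """Point 4: once the approved time is over, drop the grant and its data."""
    expired = [p for p, exp in acct.access_grants.items() if exp <= now]
    for p in expired:
        del acct.access_grants[p]
        acct.history = [h for h in acct.history if h[1] != p]
    return expired


def delete_history(acct: Account, kind: str, start: datetime, end: datetime) -> int:
    """Point 7: delete records of one kind inside an inclusive date range."""
    before = len(acct.history)
    acct.history = [h for h in acct.history if not (h[1] == kind and start <= h[0] <= end)]
    return before - len(acct.history)


def delete_account(store: dict, user_id: str, password: str) -> bool:
    """Point 8: re-authenticate (constant-time compare) before removing the account."""
    acct = store[user_id]
    if not hmac.compare_digest(hash_password(password, acct.salt), acct.password_hash):
        return False
    del store[user_id]
    return True
```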

9. Information changes in data usage policy

All platform users should be informed about any change in the data usage policy. Find a way to show the notification to the users and obtain their consent.

10. Secure the user data

User data security should be the utmost priority. Companies can be fined up to 2% of their yearly revenue in case of a data breach. Follow these steps to secure sensitive data:
Send data to third-party applications only over HTTPS.
Store data encrypted on the local server.
Follow best practices in cloud security (no root access, whitelisted SSH IPs, 12-factor apps, strong passwords, team password management tools, workplace security, firewalls to reduce the attack surface, clean desk policies, etc.).


Who can help me?

The points stated above are a few examples of how companies can modify their apps. Making an app GDPR compliant will need significant modifications to the interface design, user experience, and user permissions. To get a detailed and custom GDPR audit report, contact consultants or an agency with experience working with other companies.

To fully comply with the law, the following teams need to work together:

Usability and interface designers
Developers (iOS/Android/Web)
Analytics team
Legal advisor
Security team

Author’s Bio


Akash Takyar

CEO LeewayHertz

Akash has built over 100 digital platforms used by millions of consumers. Akash is a core member and ambassador of Hedera Hashgraph and Hyperledger. Akash has invented a reverse geocoding algorithm used by Uber and Twitter. Akash is a technical architect and has been a consultant to McKinsey, 3M, Siemens and Hershey’s. Akash holds a master's degree in computer applications.
