Do you remember when we discussed mobile app security? We wanted to share with you some of the most important steps you need to follow in order to win users’ trust. While those ideas were just good practices for a better relationship between your customers and your business, they will become mandatory after May 25, 2018, when General Data Protection Regulation (GDPR) goes into effect. Today we will tell you more about this major event for mobile apps world.
What GDPR Means
Let’s start with a little theory. Probably everyone knows that General Data Protection Regulation (GDPR) is a regulation in European Union law for protecting the personal data of European citizens. We recommend you to read the official document but we will talk here about its effects for mobile apps. This means that both users and app owners will be affected by GDPR.
First of all, app owners have the obligation to:
- provide transparency regarding the way they handle user personal data (12 GDPR);
- inform users where they collect their personal data (13 GDPR);
- inform users about the purpose of processing their personal data, especially when the data doesn’t come directly from users (14 GDPR).
Secondly, users have the right to:
- access their personal data (15 GDPR);
- control their data (16 GDPR – Art. 17 GDPR);
- object to the processing of their personal data ( 21 GDPR).
While app owners should change their approach when it comes to collect user personal data, users also should pay more attention to the information they share. Additionally to the huge fine for not respecting these rules, app owners also risk losing their users and these facts will definitely ruin their businesses. We won’t go into details about the consequences of not complying with GDPR but there are studies which prove that a huge number of apps are influenced by these rules. For example, Adjust analyzed apps installed between January 2nd and January 31st, 2018. And since “the apps within EU must be 100% compliant with the law”, analysts focused on the apps from other countries which can be affected by these modifications. The report revealed that 79% of apps outside EU have at least one user in Europe.
What To Do To Comply With GDPR
We agree that it is very difficult to change the app entirely but users’ privacy is very important! Therefore, it is crucial to adapt your app in order to comply with GDPR. It is hard to offer you a general strategy because there are many factors which influence these modifications. It depends on your app category and on the amount of data processed. Let’s not forget about the reason why you gathered information from users in the first place. Anyway, we will try to highlight some essential points for improving your app.
Data Mapping
The first step is to check your entire app and to detect all the places where you collect data from users. If you are an independent developer it is relatively easy because you know the system you created. But if your app was built by a team of developers, designers and other experts you need to spend a lot of time deciding which processes remain and which ones should be removed.
Security Measurements
Well, this point should be evident and without doubt, all app owners already invested most part of their resources into security procedures for protecting their users before the implementation of GDPR. Now you should go more into details for making sure that your users’ data is safe and secure. It goes without saying that without enforcing your security system you can’t go further with your plan.
Onboarding Flow
The most obvious element regarding the information received from users is Privacy Policy. We won’t even mention Terms & Conditions agreement. Let’s be honest! Who reads the entire document? We all are in such a hurry and this has nothing to do with your app. But for making sure that your product follows the rules you should care for transparency. Whenever you ask users something about themselves you must mention why you need the information.
Privacy By Design
After the onboarding flow, continue with the rest of the app and check every activity to make sure that you communicate with your users through the app. Make it clear how you store the information received and the purpose of processing users’ data. Ask their consent every time you use their data, especially when you share it with third parties. Users must be able to access and control their data.
Right To Be Forgotten
One of the novelties requested by GDPR is users’ right to delete their personal information, called “Right To Erasure”, and that is available under certain circumstances, of course. You, as an app owner, should implement a method for allowing users to remove the data which is no longer necessary taking into account the reason why they shared the information in the first place.
Update The App
After all these modifications, you must upload the new version of your app and make it available on the app store. The next steps are to inform users about all the changes you’ve made and to make sure that the updated app works properly. Keep in touch with your customers and use their feedback for improving your product. Keep in mind that you should continue with these improvements and offer a secure environment for your users is a permanent process.
Final Thoughts
The conclusion is that GDPR has significant importance for mobile ecosystem because companies’ owners have the obligation to reveal how they use the information received from customers and users will have better control over their personal data. As an app owner, you must do whatever it takes to comply with GDPR while users should be more careful with the data they share. Please take into account that the ideas presented above have the purpose to help you but we strongly recommend you to get professional legal advice before deciding how to change your app according to the GDPR requirements!