The European Union’s General Data Protection Regulation (GDPR) is an important and globally influential data and privacy law. The GDPR applies to anything that collects and processes personal data of EU users – including apps, websites, and other digital solutions. If data is collected for any EU citizen the GDPR still remains in effect. The main goal of the GDPR is to provide EU individuals with privacy protection and more control over their own personal information. At the same time, the GDPR aims to improve how companies handle personal consumer data. Any business that performs transactions in the EU or collects and processes EU citizens’ data is subject to the GDPR’s protection regulations. If these companies fail to comply, they are facing serious consequences, like hefty fines or worse. So, if you have EU users, regardless of where your organization is located, you should always make sure to comply with the GDPR.
As soon as Facebook’s data abuse scandal broke, questions of legality and regulation quickly came into focus. Most notably, the scandal found itself at odds with a piece of legislation in the European Union (EU) called the General Data Protection Regulation (GDPR), which plenty of Americans were hearing about for the first time. Though Facebook is a company based in the U.S., due to the nature of the internet, regulations like GDPR have far-reaching consequences for individuals and companies all around the world.
The GDPR is a landmark piece of legislation in the EU that is stronger data protection and digital privacy laws for EU citizens. Replacing the 1995 Data Protection Directive, the GDPR is an attempt to give internet users is to say how their data is used and mandates companies to strict guidelines on how it is collected, stored, and leveraged. Slated to come into law on May 25 2018, it stands to make a dramatic impact on a variety of international companies and services.
The GDPR consists of a total of 99 articles that include a wide range of privacy requirements, such as:
•Users must give their explicit consent before personal data is being collected
• Data security should be built in and is enabled by default
•Users have the right to always have access to their personal data
•Data portability is a legal right
• Users have the right to have their data removed when requested
•Users have the right to know when their personal information has been compromised
The EU’s data protection policies have always been seen as a global golden standard. And while technologies have changed immensely over the past few years, regulations have had to keep up. One of the EU’s greatest triumphs in recent years was the introduction of the General Data Protection Regulation (GDPR) in 2016. It follows up the 1995 Data Protection Directive, which was introduced when the internet just entered most of our lives. Seeing the difference between the internet right after its emergence and its ubiquity in our current lives, you can imagine that the regulations within the Data Protection Directive were not aligned with the current state of the internet and personal data use any longer.
Data Privacy in Mobile apps
A significant difference between the time of the 1995 Data Protection Directive and the current General Data Protection Regulation is the emergence of the smartphone and mobile apps. While the internet used to be a convenient accessory in the ‘90s and ‘00s, it has now become an extension of our daily lives. We rely on our smartphones for staying connected with our friends and family, for making, storing, and sharing our pictures, for booking rides, buying clothes, ordering food, you name it. These applications possess their own functionalities, and they all require at least some kind of personal information from you. This could include something as simple as your name and email address, or something as sensitive as your bank credentials or your home address.
GDPR and App Development