GDPR has recently drawn attention from many. Those who have only recently heard of it, and have not explored it much, call it a reaction to the data leaks or hacking of a couple of big social websites. But GDPR's roots go much deeper than that. The European Union was alert to such possibilities in the past and proposed GDPR a few years ago. May 25th, 2018 is the declared deadline for starting to implement GDPR across all tools and applications that collect personal data from their users. The EU GDPR (General Data Protection Regulation) will replace the Data Protection Directive 95/46/EC and has been designed to harmonize data privacy laws throughout Europe in order to protect the data privacy of every EU citizen. The new regulation aims firmly at restructuring the way organizations across the region handle data privacy.
The key highlights of GDPR can be understood quickly and easily from the points below.
1. It applies to all companies processing the personal data of EU citizens, regardless of the company’s location.
2. Companies will no longer be able to use long and illegible terms and conditions when a user creates an account on their platform.
3. Consent shall be requested in a clear, intelligible and easily accessible form.
4. Citizens will have the right to obtain confirmation from platform owners as to where, and for what purpose, their data is being processed.
5. Citizens will be able to revoke the platform's access to their personal data.
6. Citizens will have the right to receive the personal data concerning them in a digital format, so that it can be provided to another platform.
7. Personal data includes, but is not limited to, name, email ID, gender, age, health details, address, bank details, computer IP address, posts on social networking websites and the like.
How does this impact the Software Development Industry?
Web apps or mobile apps that collect personal information from users when asking them to register will now be required to comply with GDPR. Some product owners consider it to be just another Terms and Conditions checkbox in the user registration process. But it is indeed much more than that. It should be a module in itself. Users will see a popup that lists, in a very legible way, the elements of the user's personal information collected by the app owner, along with the app owner's purpose for collecting that information.
After the user has registered on the app by sharing such personal information, he shall have an option in his user account to revoke access to the shared information at any time. If the user opts to revoke access, a warning shall be shown to seek his confirmation. If he still agrees after that warning, the user's personal information will have to be deleted permanently from the application.
So apps which are already built and do not have this feature implemented will need to get it developed. And those who are building new apps will need to plan for developing it while working on the app.
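A minimal sketch of such a consent and revocation module, written here as an added example (not code from the original post): it records which data elements were collected and for what purpose, exports them in a digital format, and requires an explicit confirmation step before permanently erasing them. The class and method names are assumptions; the sample user data is constructed.

```python
from dataclasses import dataclass, asdict
from datetime import datetime, timezone


@dataclass
class ConsentRecord:
    elements: tuple   # personal-data elements collected, e.g. ("name", "email")
    purpose: str      # the app owner's stated purpose, shown in the consent popup
    given_at: str     # ISO-8601 UTC timestamp of when consent was given


class PersonalDataStore:
    """Per-user consent, export (portability) and two-step revocation with erasure."""

    def __init__(self):
        self._profiles = {}   # user_id -> dict of personal-data elements (constructed sample)
        self._consents = {}   # user_id -> ConsentRecord
        self.audit_log = []   # survives erasure, so it must never hold personal data

    @staticmethod
    def consent_notice(elements, purpose):
        # Plain-language text for the registration popup: what is collected and why.
        return f"We collect: {', '.join(elements)}. Purpose: {purpose}."

    def register(self, user_id, personal_data, purpose):
        now = datetime.now(timezone.utc).isoformat()
        self._profiles[user_id] = dict(personal_data)
        self._consents[user_id] = ConsentRecord(tuple(personal_data), purpose, now)
        return self.consent_notice(tuple(personal_data), purpose)

    def has_data(self, user_id):
        return user_id in self._profiles

    def export(self, user_id):
        # Right to data portability: the user's own data plus the consent terms, as plain dicts.
        return {"consent": asdict(self._consents[user_id]),
                "data": dict(self._profiles[user_id])}

    def revoke(self, user_id, confirmed=False):
        if user_id not in self._profiles:
            raise KeyError("unknown user")
        if not confirmed:
            # First call only warns and asks for confirmation; nothing is deleted yet.
            return {"status": "confirmation_required",
                    "warning": "All your personal data will be permanently deleted."}
        del self._profiles[user_id]
        del self._consents[user_id]
        # Audit entry keeps only the opaque internal id and the time, no data elements.
        self.audit_log.append({"event": "erasure", "user_id": user_id,
                               "at": datetime.now(timezone.utc).isoformat()})
        return {"status": "erased"}
```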
What if platforms or app owners do not follow GDPR norms in their apps?
Under GDPR, if the norm is breached, then within 72 hours of first having become aware of such a breach a notification about it will be sent to the users where the data breach is likely to "result in a risk for the rights and freedoms of individuals". An organization in breach can be fined up to €20 million or 4% of annual global turnover, whichever is greater. This is the maximum fine that can be imposed, reserved for the most serious breaches.
Some common questions
Who is the Data Subject in GDPR documentation?
Users, consumers, EU citizens or people registering on the platform are referred to as the Data Subject.
Who is the Data Controller in GDPR documentation?
A controller is the one who determines the purpose and means of processing users' personal data.
Who is the Data Processor in GDPR documentation?
A processor is the one who processes personal data on behalf of the controller.
Will GDPR be applicable in the UK as well?
As of today, it is understood that after Brexit, GDPR will not be applicable in the UK.
Will GDPR be applicable to companies outside the EU?
Any company based anywhere in the world that collects personal information from EU citizens will have to adhere to GDPR norms.