How GDPR Impacts App Development
With the implementation of the EU’s General Data Protection Regulation (GDPR) last month, many clients are wondering how GDPR impacts app development stateside. While there is, of course, no simple answer, this post will review some key implications of GDPR at a high level so you know where you might need to dig deeper.
GDPR is designed to protect the individual rights of citizens in the European Union, providing a high level of transparency on how entities collect, store, and utilize personal information. It also puts control and ownership of that data back into the hands of the person. If you would like to learn more, you can get expert information here. There are four key individual rights that GDPR ensures:
– Right to easy access of personal data. Organizations must provide individuals with easy-to-access information on what data they have, and how that data is collected and processed.
– Right to data portability. Organizations must provide a simple and straightforward way to request an export of all personal data.
– Right to be informed of a data breach. Organizations are required to notify individuals of a hack as soon as possible.
– Right to be forgotten. Organizations must completely erase a user’s personal data upon request, provided there are no legitimate legal reasons for retaining it.
Data protection standards have long been in place, but previously the scope of the regulations was mostly defined by the location of the service provider. The new rules are defined by the location of the user, regardless of where the service provider is. So, if you expect your app to be used by people residing in the European Union, then GDPR compliance will be required.
Obviously, those hardest hit will be those whose business models rely on collecting and leveraging large amounts of consumer data. However, even an enterprise-oriented app that will be used by EU employees must comply with the regulations set forth by GDPR.
There are a few different places where GDPR could have a significant impact in your mobile app development:
Permissions: “Privacy by design” is a key tenet of GDPR, so it’s critical to understand what constitutes personal data. Personal data is any collection of information that could be used to reasonably identify an individual. Beyond clear data points such as name, SSN, email, and address, it begins to boil down to context. If you collect a person’s occupation, that alone likely wouldn’t qualify, as many people have the same occupation. However, once you start combining that data with, say, company and IP address, it may become much clearer who someone is. So what’s the safest bet? Collect as little personal information as possible in your application.
That said, some amount of personal data will likely be collected by almost every mobile app that is created. As a result, one of the most obvious ways GDPR will affect app development is in the onboarding process. You will need to be clear within the app interface as to how each piece of data requested will be used – and get permission for each usage situation. Even data that has not historically required consent (e.g. IP addresses) must also be considered.
For example, if you collect a user’s email address for app login, but have intentions of using that email for other purposes, you need to provide specific disclosure and an opt-in consent mechanism for each unique instance. In other words, one long user license can no longer be leveraged to cover the occasional marketing email, location-driven notifications, and re-marketing. You also must ensure there is an easy mechanism for revoking consent for any of those options.
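The per-purpose consent described above can be modelled as an append-only ledger, where every use of a piece of data is gated on the latest recorded choice for that specific purpose. The following is an added example, not code from the original post; the purpose names, the in-memory store, the sample user id and the stand-in mail call are all constructed for illustration.

```python
"""Per-purpose consent ledger (added example; purposes and ids are constructed)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Each processing purpose needs its own opt-in. "login" is the purpose the email
# address was collected for; everything else is a separate consent decision.
PURPOSES = {"login", "marketing_email", "location_notifications", "remarketing"}


@dataclass
class ConsentEvent:
    purpose: str
    granted: bool          # True = opt-in, False = revocation
    at: datetime
    source: str            # where the choice was captured, e.g. "onboarding_screen_3"


@dataclass
class ConsentLedger:
    """Append-only log of consent choices. Nothing is overwritten, so the
    history itself is the evidence of what the user agreed to and when."""
    events: Dict[str, List[ConsentEvent]] = field(default_factory=dict)  # user_id -> events

    def _record(self, user_id: str, purpose: str, granted: bool, source: str) -> None:
        if purpose not in PURPOSES:
            raise ValueError(f"unknown purpose: {purpose}")
        self.events.setdefault(user_id, []).append(
            ConsentEvent(purpose, granted, datetime.now(timezone.utc), source))

    def grant(self, user_id: str, purpose: str, source: str) -> None:
        self._record(user_id, purpose, True, source)

    def revoke(self, user_id: str, purpose: str, source: str) -> None:
        self._record(user_id, purpose, False, source)

    def is_permitted(self, user_id: str, purpose: str) -> bool:
        """Consent is the latest recorded choice for that purpose. No record at
        all means 'no': no pre-ticked boxes and no consent implied from login."""
        latest: Optional[ConsentEvent] = None
        for ev in self.events.get(user_id, []):
            if ev.purpose == purpose:
                latest = ev
        return latest is not None and latest.granted

    def history(self, user_id: str) -> List[ConsentEvent]:
        return list(self.events.get(user_id, []))


def send_marketing_email(ledger: ConsentLedger, user_id: str, email: str) -> bool:
    """Gate each use of the address on the purpose it was consented to.
    Returns True if the message would be sent, False if consent is missing."""
    if not ledger.is_permitted(user_id, "marketing_email"):
        return False
    print(f"[demo] would send marketing email to {email}")  # constructed stand-in for the mail call
    return True


if __name__ == "__main__":
    ledger = ConsentLedger()
    uid = "user-123"  # constructed sample id
    ledger.grant(uid, "login", "onboarding_screen_1")
    print(send_marketing_email(ledger, uid, "a@example.com"))   # False: login consent does not cover marketing
    ledger.grant(uid, "marketing_email", "onboarding_screen_3")
    print(send_marketing_email(ledger, uid, "a@example.com"))   # True
    ledger.revoke(uid, "marketing_email", "settings_privacy")
    print(send_marketing_email(ledger, uid, "a@example.com"))   # False again after revocation
```

The design choice worth noting is that revocation appends a new event rather than deleting the grant: the record of when the user opted in and where still exists, which is what you will be asked for if the consent is ever disputed.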
Data Exchange and Management: Another area that GDPR impacts app development pertains to the regulations that support additional data exchange between the user and the service provider. As noted, the new rules call for the user to be able to ask if their data is being processed, get a complete copy of their personal data, and ask for complete erasure from the service provider’s system.
Each of these items is simple enough as a one-off manual process on a small scale. But for a service provider, the potential for constant or high-volume inquiries may justify investing in automated mechanisms.
Another consideration is identity verification by the service provider; i.e. how can they confirm they are responding to a valid user request for data? For systems with login credentials, there is a built-in mechanism. But certain edge cases will likely muddy the waters, and gaps in GDPR could potentially be exploited for fraud.
A year ago, if you were the provider of an online loan application website and a user asked you out of the blue to “please give me all of my personal information in a portable format and then also erase me from your system,” you would be very suspicious. With GDPR, this now becomes a completely legitimate request that you need to process in a relatively short timeframe.
Data Security: The companies that will have success are those that already take security practices very seriously. Here are a few general guidelines that most applications should be following:
– Use HTTPS everywhere and avoid using services that don’t use HTTPS
– Use database-level encryption
– Keep sensitive and personal information out of log files
– Protect your system’s credentials and API keys, including keeping them out of committed code
– Favor two-factor authentication over security questions
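“Keep sensitive and personal information out of log files” is easiest to enforce centrally rather than at every call site. The block below is an added example, not code from the original post: it installs a redacting filter on a Python logger using the standard library’s `logging.Filter`, so every handler sees the message and its arguments only after email addresses, IPv4 addresses, SSN-shaped numbers and bearer tokens have been masked. The patterns and the sample log events are constructed for the example.

```python
"""Redacting log filter (added example; patterns and sample events are constructed)."""
import logging
import re
from io import StringIO
from typing import Tuple

# Patterns for the personal data we least want in log files. They are deliberately
# broad: over-redacting a log line is cheaper than leaking it.
PATTERNS = [
    (re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"), "<email>"),
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "<ip>"),
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "<ssn>"),
    (re.compile(r"(?i)(authorization: bearer )\S+"), r"\1<token>"),
]


def redact(text: str) -> str:
    for pattern, replacement in PATTERNS:
        text = pattern.sub(replacement, text)
    return text


class RedactingFilter(logging.Filter):
    """Rewrites the message and its string arguments before any handler formats
    them, so redaction applies whatever handler or format is configured."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(str(record.msg))
        if record.args:
            # Only touch str arguments so %d / %f placeholders keep working.
            if isinstance(record.args, dict):
                record.args = {k: redact(v) if isinstance(v, str) else v
                               for k, v in record.args.items()}
            else:
                record.args = tuple(redact(a) if isinstance(a, str) else a
                                    for a in record.args)
        return True  # keep the record, just sanitised


def build_logger(name: str = "app") -> Tuple[logging.Logger, StringIO]:
    """Return (logger, buffer); output is captured in memory so it can be checked."""
    buf = StringIO()
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.addFilter(RedactingFilter())   # on the logger, so it covers every handler
    logger.addHandler(handler)
    return logger, buf


def demo() -> str:
    logger, buf = build_logger("redaction-demo")
    # Constructed sample events: the sort of thing that leaks into logs by accident.
    logger.info("login ok for %s from %s (%d attempts)", "jane.doe@example.com", "203.0.113.7", 1)
    logger.warning("upstream call failed; headers: Authorization: Bearer abc.def.ghi")
    return buf.getvalue()


if __name__ == "__main__":
    print(demo(), end="")
```

One caveat: a filter attached to the logger only covers records created through that logger, so the same filter must be attached to the root logger (or to each handler) if third-party libraries log through their own loggers.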
That’s by no means an exhaustive list, but you’d be surprised how many applications out there don’t follow those basics. From there, you can begin evaluating your specific application. For instance, what types of user-generated content might you need to remove to comply with full erasure? What tests do you need to create to ensure full erasure? If you share user-identifiable data with third-party systems, are you clearly communicating that to your users?
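The data-exchange section above (access, portable export, erasure, and checking that the request really comes from the account it concerns) and the erasure-testing question just raised can be covered by one small request handler plus a verification scan. The following is an added example, not code from the original post: the in-memory stores, record shapes, third-party list and the sample user are constructed, and the authorisation check stands in for whatever session mechanism a real app uses.

```python
"""Data-subject request handling with an erasure check (added example; stores are constructed)."""
import json
from dataclasses import dataclass, field
from typing import Any, Dict, List


@dataclass
class Stores:
    """Every place personal data lives. Erasure is only as complete as this list,
    so a store added elsewhere but not here is exactly what the scan should catch."""
    users: Dict[str, dict] = field(default_factory=dict)
    orders: List[dict] = field(default_factory=list)
    comments: List[dict] = field(default_factory=list)              # user-generated content
    shared_with: Dict[str, List[str]] = field(default_factory=dict)  # user_id -> third parties it was sent to


class Forbidden(Exception):
    pass


def _authorise(session_user_id: str, subject_id: str) -> None:
    # Identity check: the request must come from an authenticated session for the
    # very account it concerns. Anything else goes to manual review, not auto-processing.
    if session_user_id != subject_id:
        raise Forbidden("session does not match data subject")


def export_subject(stores: Stores, session_user_id: str, subject_id: str) -> str:
    """Right of access / portability: a complete, machine-readable copy,
    including which third parties the data was shared with."""
    _authorise(session_user_id, subject_id)
    bundle: Dict[str, Any] = {
        "profile": stores.users.get(subject_id),
        "orders": [o for o in stores.orders if o["user_id"] == subject_id],
        "comments": [c for c in stores.comments if c["author_id"] == subject_id],
        "shared_with_third_parties": stores.shared_with.get(subject_id, []),
    }
    return json.dumps(bundle, indent=2, sort_keys=True)


def erase_subject(stores: Stores, session_user_id: str, subject_id: str) -> None:
    """Right to be forgotten: remove the subject from every store we know of."""
    _authorise(session_user_id, subject_id)
    stores.users.pop(subject_id, None)
    stores.orders[:] = [o for o in stores.orders if o["user_id"] != subject_id]
    stores.comments[:] = [c for c in stores.comments if c["author_id"] != subject_id]
    stores.shared_with.pop(subject_id, None)


def residual_references(stores: Stores, subject_id: str, identifiers: List[str]) -> List[str]:
    """Erasure test: serialise every store and look for the subject id or any other
    identifier (email, etc.). Coarse by design; a false positive costs a look,
    a false negative costs a regulator's attention."""
    needles = [subject_id, *identifiers]
    found = []
    for store_name, store in vars(stores).items():
        blob = json.dumps(store)
        for needle in needles:
            if needle in blob:
                found.append(f"{store_name}: {needle}")
    return found


def sample_stores() -> Stores:
    """Constructed sample data."""
    s = Stores()
    s.users["u1"] = {"email": "jane@example.com", "name": "Jane"}
    s.users["u2"] = {"email": "bob@example.com", "name": "Bob"}
    s.orders.append({"id": 1, "user_id": "u1", "total": 12.5})
    s.comments.append({"author_id": "u1", "text": "Nice app", "reply_to": "jane@example.com"})
    s.shared_with["u1"] = ["analytics-vendor", "email-provider"]
    return s


def run_demo() -> List[str]:
    s = sample_stores()
    print(export_subject(s, "u1", "u1"))
    erase_subject(s, "u1", "u1")
    # The full-erasure test a team would keep in CI: an empty list means nothing survived.
    return residual_references(s, "u1", ["jane@example.com"])


if __name__ == "__main__":
    print("residual after erasure:", run_demo())
```

Deleting only the profile row and calling it erasure is the classic gap: the scan reports the orders, comments and third-party sharing records that still name the user, which is the test case worth running on every store you add.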
You’ll also need to decide if you want to support GDPR-like processes as a matter of general course, or only in cases where it’s absolutely required. While implementation could require more creative design and add some cost to development, GDPR does actually provide important protection for individual rights and may bring value for your business.
It could be cheaper to take a minimal approach at first, but we advise everyone to perform some type of upfront cost analysis. You may find that it’s less expensive than you thought to lay some of the initial groundwork. The bottom line here is that user privacy, including the new GDPR changes, is not something that can be bolted on after the fact. It needs involvement from managers, designers, developers, product owners and so on.
Whether you need to learn more for business purposes, or just desire help in getting to sleep at night, the best place to learn all the details about GDPR is the General Data Protection Regulation official website. If you were already fairly versed in the prior data protection directive from 1995, you might find this site on GDPR Key Changes more useful.
If you’ve got a particular app development project in mind, or are uncertain about the implications of GDPR on an app you’ve already built, we’re happy to help. Please contact us to set up a time to talk.