With the General Data Protection Regulation now in full swing, businesses have transformed the way they manage and protect users’ data on their websites – and you need to do the same.
The chances are you were inundated earlier in the month with emails from companies wanting to keep you on their mailing lists, and you might even have noticed American companies closing down their sites because they couldn’t comply in time.
There are lots of things that you can do to make sure your business complies with GDPR, as outlined by Information Age, but you should look beyond your website and think about other avenues of data capture and collection.
If you’re planning on launching a new smartphone app for your business, or you’ve already launched and currently manage one, then follow these steps to be compliant.
Encrypt data, and let users know
If your smartphone application needs to store and use personal information, like names, email addresses, postcodes and telephone numbers, then you need to ensure that the data is fully encrypted – with strong encryption algorithms, and hashing for values you only ever need to verify rather than read back, such as passwords. In some recent data breaches, data was available to hackers in plain text; encrypting and hashing data means that, if the worst did happen, the data couldn’t be read or exposed by fly-by-night hackers and data thieves.
Stop tracking user activity
Some businesses track their users’ moves on their websites and smartphone apps to determine their tastes and personalities in order to recommend more tailored products and services; it’s a feature that giants like Netflix, YouTube and Amazon use to improve recommendations. However, because personal details are being recorded, you should give users the choice. For those who do accept, you should make it easy for them to understand what’s involved, and to access the data you hold on them upon request.
Destroy cookies and sessions on logout
Just like on a website, users must be informed that your app uses cookies, and be given the option of accepting or denying them. Unlike website cookies, cookies within smartphone apps are often sandboxed to your app alone, rather than carried through other apps and internet browsing, but you should still make your cookies policy clear and easy to manage. Remember to also destroy cookies when a user logs out of your app or has an extended period of inactivity.
Delete data from users who cancel
When a user cancels their service with you or deletes their account, you should remove all of their data from your system. The European Union’s right to be forgotten regulation means that companies must respect the rights of their users, and delete data if they no longer want to use your services. If you don’t delete their data, and instead treat deleted accounts as inactive, then you could be breaking the law and be subject to fines and penalties from the EU or your local government.
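The two points above – destroying sessions on logout or after inactivity, and dropping everything tied to an account when it is deleted – are easiest to get right when the app’s backend keeps session state server-side. The following is an added example (not Zudu’s code, and not from the original post) of such a store; the 15-minute idle limit and the injectable clock are assumptions made for illustration.

```python
import hashlib
import secrets
import time

IDLE_TIMEOUT_SECONDS = 15 * 60  # assumed policy: end sessions after 15 minutes of inactivity


class SessionStore:
    """Server-side session state keyed by the hash of the cookie token.

    Only a hash of the token is stored, so a leaked store does not yield
    usable cookies; the client holds the only copy of the raw token.
    """

    def __init__(self, idle_timeout=IDLE_TIMEOUT_SECONDS, clock=time.monotonic):
        self._sessions = {}   # token_hash -> {"user_id": str, "last_seen": float}
        self._idle_timeout = idle_timeout
        self._clock = clock   # injectable so tests can simulate elapsed time

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def login(self, user_id):
        token = secrets.token_urlsafe(32)   # 256 bits of randomness for the cookie value
        self._sessions[self._key(token)] = {"user_id": user_id, "last_seen": self._clock()}
        return token

    def resolve(self, token):
        """Return the user for a live session, or None; idle sessions are destroyed on sight."""
        key = self._key(token)
        entry = self._sessions.get(key)
        if entry is None:
            return None
        now = self._clock()
        if now - entry["last_seen"] > self._idle_timeout:
            del self._sessions[key]   # expired by inactivity: forget it, do not just reject it
            return None
        entry["last_seen"] = now      # any authenticated request counts as activity
        return entry["user_id"]

    def logout(self, token):
        """Destroy the session server-side so a retained cookie value is worthless."""
        self._sessions.pop(self._key(token), None)

    def revoke_user(self, user_id):
        """Drop every session for a user, e.g. as the first step of account deletion."""
        dead = [k for k, v in self._sessions.items() if v["user_id"] == user_id]
        for k in dead:
            del self._sessions[k]
        return len(dead)
```

Clearing the cookie on the device is not enough on its own; the record on the server is what grants access, so that is what must be removed.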
Play fair with your terms and conditions
Clear terms and conditions should be an important part of your smartphone app – and under the new EU privacy regulations, they’re now required by law. Your smartphone app should make the terms and conditions clearly visible, either through a pop-up, through registration or in a sidebar or pull-out drawer within your app – and the terms should be in easy-to-understand English. That means no hiding inconspicuous clauses and terms at the bottom of your agreement. Play fair.
Wrapping up
There’s no denying that GDPR is a headache for business owners, but the changes to privacy legislation are positive for businesses and consumers alike. Not only does it give you a chance to analyse your privacy procedures and make your company fairer, safer and more accountable, but it gives users more confidence in using your services, safe in the knowledge that their data is being protected. If you’re about to launch a new app, make sure you review it against these points first; GDPR regulation is now in force, and failing to comply could result in a hefty fine.
At Zudu, we design fully GDPR compliant smartphone apps. Get in touch to learn more.