
Does Your CTO Know about GDPR/DSGVO/ISO 27001?

  • by Elena
  • Updated on March 15, 2019

For a while now, everyone connected to software development or maintenance has been talking about the new GDPR, which comes into effect on May 25, 2018.

You have probably heard that it is a strict and complicated document that everyone is panicking about.

But what actually is the GDPR, and how might it affect your business?

The European Union General Data Protection Regulation (GDPR) is the regulation governing data protection and privacy for individuals in the European Union. In German it is known as the DSGVO (Datenschutz-Grundverordnung). ISO 27001, the international information security management standard, was the best-known document companies used to organize their security practice before the GDPR came into force. The two are different in kind: ISO 27001 is a standard you can choose to certify against, while the GDPR is binding law.

Its aim is to keep the personal data collected by any business or organization safe from unauthorized access and misuse, and to give individuals control over how that data is used.

  1. What is personal data according to GDPR
  2. How to demonstrate your GDPR compliance
  3. How to understand whether you are the data processor or not

What is personal data according to GDPR

What does the term "personal data" mean? Any information that can be used, directly or indirectly, to identify a living person: for example a name, photos, an email address, bank details, a social media profile, an IP address, or any other information that apps and websites routinely collect. All of this counts as ordinary personal data.

Beyond ordinary personal data there are the special categories of personal data, usually called sensitive personal data. They require stricter protection, and the consequences of mishandling them are greater. According to the GDPR, the special categories are:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data used to identify a person (such as facial recognition or fingerprint logins)
  • Health data
  • Sex life or sexual orientation

Data about criminal convictions and offences is not in this list but is treated separately under the GDPR with similarly tight restrictions.

Location data, pseudonymized data and online identifiers (IP addresses, cookies, device IDs, user accounts, etc.) are not special categories, but they are still personal data, so developers have to make sure all of it is collected and stored appropriately.

How to demonstrate your GDPR compliance

Being able to demonstrate that your business is compliant is a must. That can mean certificates or system documentation, so you should know how to prepare proper documentation and be able to provide it when asked.

The basic information that must be included:

  • What kind of data you collect
  • What is the purpose of it
  • How long you store this data
  • How you process this data (including all parties that process it)

It is also recommended to have a general privacy policy explaining what data you collect, what the rules are, and so on. That lets users understand what you know about them and what they get in return. If you use cookies on your website, you need to explain why you need them. In general, users have the right to know what information your business collects about them. In other words, you can keep your existing documentation but extend it with the privacy information the GDPR requires.

Additionally, you may not be the only party collecting user data on your website or app, and these third parties can be the cause of serious problems. The latest example is Cambridge Analytica, which collected data from Facebook users and then misused it. To avoid such situations, businesses need to list every third party that gets access to or processes their users' data.


How to understand whether you are the data processor or not

The GDPR addresses all data processors, but many companies are not sure whether they count as one. For example, we are a software company building websites and apps for our clients, and those websites and apps collect users' personal data. So the question is: are we a data processor?

The answer depends on the technical arrangements, not on what the contract calls you. If our client stores the information on our servers, or our employees have access to this data, we are processing it on the client's behalf and are a data processor. That brings our own obligations and liability under the regulation; the GDPR also requires a written contract between the controller and each processor.

By default, software development companies do not want to be data processors, since that makes them liable to sanctions in case of a breach. But how do you avoid this burden? The first thing to ensure is that you genuinely have no access to any personal data of your client's customers, and then record that in your contract; a contract clause alone does not help if your staff can in fact read the data. Avoiding such data can be difficult, but it is better to make the effort once than to pay fines later. The typical weak spots are test environments seeded with copies of production data, log files that record email addresses or IP addresses, and emergency patches applied directly on the production system. Pay extra attention to these cases so you can stay calm later.

Since software development rarely requires actual access to PII (personally identifiable information), preventing accidental exposure is the only realistic way to keep a development company outside the reach of sanctions.
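The weak spots named above, log files and test data, are where a development company most often ends up holding personal data without meaning to. As an added example that is not part of the original article, the Python below shows two mitigations: a logging filter that redacts email and IPv4 addresses before a handler writes them out, and a keyed pseudonymization of a customer record so that a test fixture carries no real identifiers. The field names, the sample record and the key are constructed for illustration and are not taken from any real system.

```python
import hashlib
import hmac
import io
import logging
import re
from typing import Dict, Tuple

# Two identifiers that most often leak into application logs. The IPv4
# pattern is deliberately simple and will also match version strings such
# as 1.2.3.4; for log scrubbing a false positive is the safe direction.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def redact(text: str) -> str:
    """Replace email addresses and IPv4 addresses with fixed placeholders."""
    text = EMAIL_RE.sub("[email]", text)
    return IPV4_RE.sub("[ip]", text)


class PiiRedactingFilter(logging.Filter):
    """Scrub the fully rendered message before any handler writes it out.

    Attached to the handler, so it runs regardless of which logger emitted
    the record; args are consumed here so the handler does not re-format.
    """

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def log_login_failure(email: str, ip: str) -> str:
    """Log a constructed login event through the filter and return the
    text that actually reached the (in-memory) log destination."""
    stream = io.StringIO()
    logger = logging.getLogger("gdpr-demo")
    logger.handlers.clear()          # keep repeated calls idempotent
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(stream)
    handler.addFilter(PiiRedactingFilter())
    logger.addHandler(handler)
    logger.info("login failed for %s from %s", email, ip)
    handler.flush()
    return stream.getvalue()


def pseudonymize(record: Dict[str, str], key: bytes,
                 fields: Tuple[str, ...] = ("email", "name", "ip")) -> Dict[str, str]:
    """Return a copy of a customer record with identifying fields replaced
    by keyed HMAC-SHA256 tokens.

    A keyed hash, not plain SHA-256: without the key an attacker cannot
    confirm a guessed email by hashing it. The same key gives the same
    token, so joins between pseudonymized tables still work; the key stays
    with the controller and never enters the test environment.
    """
    out = dict(record)
    for field in fields:
        value = out.get(field)
        if value:
            tag = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()[:16]
            out[field] = f"{field}_{tag}"
    return out


if __name__ == "__main__":
    # Constructed sample data (hypothetical customer), not from any real system.
    print(log_login_failure("alice@example.com", "203.0.113.7"), end="")
    customer = {"email": "alice@example.com", "name": "Alice", "plan": "pro"}
    print(pseudonymize(customer, key=b"controller-held-secret"))
```

The filter sits on the handler rather than on one logger, so a library that logs through its own logger name still gets scrubbed on the way to disk. Pseudonymized fixtures remain personal data in the GDPR's sense as long as the key exists, which is why the key must be held by the controller and not shipped with the test database.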

Conclusion

Though implementing the GDPR/DSGVO and ISO 27001 is stressful for most companies, we believe it will bring more control and security to end users. The main obligation of any business working online is to tell users what data is collected, why, and how it will be used. Moreover, any user now has the right to ask for all the information a company holds about them and to demand that it be deleted.

The main idea is to work transparently, so that users trust your company and let you use their data for purposes such as marketing or improving the user experience.


Elena is a business analyst passionate about everything connected with startups, business ideas, and analytics. She aims to find a solution for every challenge young companies meet on their way.

