Blog / Business / app security

Does Your CTO Know about GDPR/DSGVO/ISO 27001?

  • Rating — 5 (3 votes)
  • by Elena
  • Updated on March 15, 2019
  • Read —
    4-5 minutes
what you should know about gdpr

It’s been a while that everyone who is somehow connected to software development or maintenance is buzzing about the new GDPR, that is going into effect on May 25, 2018.

You must have heard that it’s a rather strict yet complicated document that everyone panics about.

But what is actually GDPR and how it might affect your business?

The European Union General Data Protection Regulation (GDPR) is a document that regulates data protection and privacy for all European Union citizens. It is also known as DSGVO that stands for Datenschutz Grundverordnung (General Data Protection Regulation in German). ISO 27001, the international information security standard was the most popular document that regulated security before the GDPR was enforced.

It aims to keep all the personal data that is collected by any business, organization or enterprise safe from unauthorized access or use.

  1. What is personal data according to GDPR
  2. How to demonstrate your GDPR compliance
  3. How to understand whether you are the data processor or not

What is personal data according to GDPR

What is meant by the term “personal data”? That can be any information that can be used to directly or indirectly identify the real person. For example, name, photos, email, bank details, social media page, IP address or any other information that is usually collected by apps and websites. All this information can be identified as regular personal data.

Beyond regular personal data, there is also sensitive personal data. Surely, it requires stricter protection and the consequences are greater. Sensitive personal data according to GDPR includes:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Health data
  • Sex life or sexual orientation
  • Past or spent criminal convictions
  • Genetic data
  • Biometric data (such as facial recognition or fingerprint logins)
  • Location data
  • Pseudonymized data
  • Online identifiers

Personal data also includes such thing as IP addresses, cookies, user accounts, etc. so developers have to make sure all the data is collected and stored appropriately.  

How to demonstrate your GDPR compliance

Being able to demonstrate the compliance of your business is a must. That can be special certificates or system documentation. Therefore, you should know how to prepare the proper documentation to provide it when needed.

The basic information that must be included:

  • What kind of data you collect
  • What is the purpose of it
  • How long you store this data
  • How you process this data (including all parties that process it)

It’s also recommended to have a general policy document explaining what data are you collecting, what are rules, etc. That will allow users to understand what you know about them and what they get in return. If you use cookies on your website, you need to explain why do you need them. Generally, users have a right to understand what information about them is collected by your business. In other words, you can continue using your existing documentation but expand it with privacy information required by GDPR.

Additionally, you can be not the only party collecting users data on your website or app. And these third parties can be a reason for serious problems. The latest example is Cambridge Analitis who collected the data from Facebook users and then used inappropriately. So, to avoid such situations businesses need to specify all the third parties that somehow get access or process your user’s data.

EU GDPR COMPLIANCE CHECKLIST

How to understand whether you are the data processor or not

GDPR addresses all the data processors but many companies are not sure if they can be named data processors or not. For example, we are a software company, and we are building a website or an app for our clients. This website or app collects users personal data. And here comes the question: do we intend to be a data processor?

The answer depends on technical conditions. If our client stores the information on our servers or our employees have access to this data, we are data processors. Hence, we bear equal responsibility.

By default, software development companies don’t want to be data processors, since that makes them liable to any sanctions in case of any breaches. But how to avoid this “ burden”? The first thing you need to consider is that you don’t have access to any personal data of your client’s clients. And don’t forget to note this clause in your contract. Though avoiding such data might be difficult, it’s better to strive once, that pay fines later. The typical “weak” places where you can run into are testing environment, log files or any emergency patches. Pay extra attention to these cases to keep calm later.

Since software development rarely requires actual access to PII data (Personally identifiable information), avoiding any accidental exposure seems the only possible way of keeping your development company safe from sanctions.

Conclusion

Though implementing GPDP/DSGVO/ISO 27001 is rather stressful for most companies, we believe that it will bring more positive control and security to end-users. The main concern of any business working online is to tell users what data is collected, why, and how it will be used. Moreover, any user not has a right to ask for all the information about him that a company possesses and can demand the total deleting of this data.

The main idea is to work transparently so that users will trust your company and let you use their data for multiple needs including marketing or improving users experience.

Need a reliable software developer for your project?

 

Elena Elena is the business analyst passionate about everything connected with startups, business ideas, and analytics. She’s aiming to find the solution for every challenge, young companies meet on their way.

Leave a comment
Close

Leave a Reply

Related services

Categories

All articles Business Company News Marketing Tips StartUp App Ideas Tech UI and Design

People are talking about

You've got
a project in mind

What's next?

Send us a message with a brief description of your project.
Our expert team will review it and get back to you within one business day with free consultation and next steps.

Testimonials

Nothing can be better than getting a review from our happy clients
who recommend us and trust us their business.

Andy
I think they do great work. I haven’t yet given them something that they were unable to do. Great
Raphael
My Project with GBKSOFT gave me the ability to develop my software while keeping a busy schedule. Ana, who was my project manager, was very professional and was always understanding of my vision and what I wanted. I would recommend GBKSOFT again to any other company or person who has a vision for their web application. Thank you GBKSOFT! Recommend
Dave
GBKSOFT’s performance has been very strong. We've referred them twice, which says all anyone needs to know about them. A referral is the ultimate signal we can give that these guys are great. Strong
Gireesh, USA
One word...EXCELLENT.
Very well thought out and articulate communication. Clear milestones, deadlines and fast work.Patience. Infinite patience. No shortcuts. Even if the client is being careless (me). The best part...always solving problems with great original ideas, especially with this strange project where we are making up new words every day!
Excellent
Jonathan
More good work from team GBKSOFT. All well executed. The support within GBKSOFT is excellent. Communication is good too, spoken English as well as written. Support
Garrett
They proved to be very good and they’re very reliable as well. They are quite conscientious. They will go the extra yard to make sure we're happy. Reliable
Aaron
I’ve been using GBK Soft for the past 3 years and they have been great. Communication is unparalleled to other app development companies. I’ve continued to return to them to improve my iOS app countless times and I will continue to do so in the future. I highly recommend this company! Improve
Tao
GBKSOFT did a good job to manage the project. They put in a good effort to communicate with us and make it easier for us to communicate with developers. Good Job
Devan
They write clean code, adhere to deadlines, and communicate extremely well. I strongly recommend anyone from the GBKSOFT agency and hope to work with them again myself. Clean Code
19
spinner