GDPR developer’s perspective:
General Data Protection Regulation (GDPR) is a set of rules that come into effect on May 25th, 2018. It regulates the use of data and it applies to all organizations that store or process any data relating to individuals inside the EU. I have covered what is GDPR and what are its principles in my previous blogs. If you haven’t read it yet, please go through it.
So in this blog, I will be writing about GDPR from a developer perspective, as in what are the steps the developer has to take in order follow GDPR regulations for the data collected for his Data Subjects/Clients/User.
Rules that must be implemented:
- There must be a feature in the application where the data can be deleted related to particular UserId.
- Notifying the third party about erasing data that is related to a data subject. The developer should have third parties API’s as to verify that the data is restricted as per the user’s wish.
- Restrict processing, there should be an option given to users, whether they don’t want some of their data to be exposed(Publicly). When once clicked on the button, the data should not be exposed to the application or to the third party.
- There should be an export button in user’s portal, so as to export his data that has been collected by the application.
- The terms and conditions. Previously terms and conditions would be a long page and at the end, it would be accepted or rejected. Instead, this can be changed into FAQ(Frequently Asked Questions) with consent checkbox(Yes/No). The user will get clear picture were his data will be shared and whether is she/he ready to share data, if not she/he can opt for “No”.
Data Rules for Developers:
- Encrypt the data at rest.
- Encrypt data at transit.
- Make a log file whenever the personal data is viewed/edited.
- Create a backup of the data.
- Protect data integrity.
Checklist for developers:
- Make sure the data is collected with users consent and it is used for its given purpose.
- Make sure old logs of personal data are deleted.
- Make sure the third party have a basic level of data security
For more details click on this link