Compliance & GDPR

When building a website or app, security should be one of the first things on your mind. Protecting data is a big part of everyday life today.

The General Data Protection Regulation (GDPR) came to life in 2018. The European Union decided that, to help protect the personal information of individuals, there needed to be a worldwide regulation. This is where GDPR compliance became a consideration for tech companies.

What security systems does your company use?

This question asks what systems your company has in place to protect data. These could include firewalls, antivirus programs, backup files and encryption, and there are many options to choose from. A good example is Amazon Web Services, which provides cloud storage that could be used to store and secure the data collected from your app or website.

Does your security system comply with the GDPR (General Data Protection Regulation)?

If your company collects data, especially sensitive user data, you must make sure your security system complies with GDPR. This means that any data collected is secured and cannot be breached. Well-known security breaches in recent years include those at Yahoo, LinkedIn and Myspace. As a result of these breaches, these companies were fined and had to rework how their data was protected.

What data falls under the GDPR:

  • Basic identity information such as name, address and ID numbers
  • Web data such as location, IP address, cookie data and RFID tags
  • Health and genetic data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

When does a company fall under GDPR jurisdiction?

  • A presence in an EU country
  • No presence in the EU, but it processes personal data of European residents
  • More than 250 employees
  • Fewer than 250 employees, but its data processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data

That effectively means almost all companies. A PwC survey showed that 92 percent of U.S. companies consider GDPR a top data protection priority.
