Blog

We explain GDPR + checklist for developers

Although we have already got used to the GDPR a bit, practical knowledge in this topic is not common at all. The regulation adopted in 2018 imposes additional obligations on all data controllers, which should also be remembered by developers. We explain what GDPR means, what are the main rules for the processing of personal data and how GDPR affects the work of programmers.

Spinbits - gdpr_54378eb114.webp

What does GDPR mean? It is an abbreviation of General Data Protection Regulation, and more precisely a legal act, in force throughout the European Union since 2018, regulating the issues of personal data protection and processing. It informs both consumers and traders what they are entitled to concerning private data.

GDPR for beginners - what is personal data and its processing

The GDPR imposes additional obligations on all processors of personal data. But what does GDPR mean?

"It is an operation or a set of operations performed on personal data or sets of personal data in an automated or non-automated manner, such as collecting, recording, organizing, organizing, storing, adapting or modifying, downloading, viewing, using, disclosing by sending, distributing or otherwise sharing, adjusting or combining, limiting, removing or destroying ”. "Personal Data" includes, but is not limited to: IP address, information related to genetic, mental, economic, cultural, and social identity, including names, telephone numbers, addresses.

7 rules for the processing of personal data

If you need to process personal data, e.g. of application users, you must take into account the 7 principles of personal data processing, which are the basis of the GDPR.

  1. The principle of lawfulness, honesty, and transparency - obliges to provide the data subject with the complete information necessary to guarantee the fairness and transparency of personal data processing. How this information is communicated must be understandable and communication precise.

  2. The principle of limiting the purpose of data processing- data must be collected for specific, explicit, and legitimate purposes, not further processed in a manner inconsistent with these purposes (except for archival purposes in the public interest, scientific, historical, and statistical research).

  3. The principle of data minimization - says that we should only process the data that we need.

  4. The principle of data correctness - obliges the data controller to process correct data and to verify them on an ongoing basis.

  5. The principle of limiting data storage - the time of data processing should be shortened to the minimum necessary to achieve the purpose of data processing.

  6. The principle of data integrity and confidentiality - maintaining appropriate technical and organizational measures to ensure data security.

  7. Principle of accountability - the administrator is required to document that his actions are following all the above-mentioned principles.

GDPR rights that every natural person has

In addition to the obligations given to personal data controllers, the GDPR provides individuals with the following privileges regarding their rights:

  • the right to information,
  • right of access,
  • the right to rectify data,
  • the right to delete data,
  • the right to limit processing,
  • the right to transfer data,
  • the right to object,
  • rights related to automated decision making and profiling.

The above GDPR rights for developers mean, among other things, that users of websites or applications should receive information on how, where, and for what purposes their data is processed. They may also require their data to be deleted from servers or to be informed of all their data used by the organization.

GDPR checklist for developers

The principles and rights described above directly translate into work on websites and applications. They set out the rules by which we must treat website and application users and how we should collect, store, and use their data.

Two rules that every developer must remember:

  1. Privacy by design - imposes an obligation to include data protection principles in the design of a product or service (including compliance with the GDPR rules)

  2. Privacy by default - Commits to provide the maximum level of privacy protection by default.

Finally - a checklist for developers that will help you check whether you have performed the steps to be GDPR compliant:

  • inform about the purpose of personal data processing,
  • obtain consent to data processing,
  • inform how long (until when) you will be processing user data,
  • publish contact details,
  • inform about the legal basis of data processing,
  • inform about the right to access, correct, limit processing and withdraw consent to data processing,
  • allow the user to correct data,
  • use an SSL certificate,
  • inform about the right to complain of the supervisory authority,
  • make sure you do not collect too much data,
  • enter into an entrustment agreement with a hosting company,
  • provide the backup of personal data.

FAQ

Any questions? Don't hesitate to ask us

Ask a question

We are always pleased to welcome a new challenge, that's why we have worked in various projects.

Starting with custom CRM/ERP class solutions development, through B2B and B2C web systems, mobile apps to small, simple but beautiful websites.

We love interesting project and we also work in blockchain technology, created online games and also hardware projects.

We want to build complete project together with you. That's why we bring our experience on analysis, solutions and flow. Of course, you can decide about the approach applied on every step.

Together with experience we bring resources. From developers, to management, testers and designers.

Last but not least we bring technology. We're up-to-date with latest solutions and tools that we can trust in and used them multiple times.

You will receive all results of our work for your disposal - no matter if it's a code, hardware, documentation. We also will give you a warranty for all elements.

Cost optimization - you can decide to work with us based on time&material approach, full-time or half-time. Based on your needs we can help you pick the best solution to optimize your costs.

Scalability - New project next week? You don't need to worry, since we have the resources. Thanks to our management results and procedures your new member of the team will be onboarded and ready to work in no time.

Recruitment - We will take care of it - you will receive only the best and well suited applications that were earlier evaluated by us.

Let's build your business together