Storing data on a user's device under GDPR
By storing data locally on a user's device, you have fewer administrative obligations than when you transfer and process data in the cloud. However, you still need to provide methods to delete data in case of device theft or loss. Another key function is data backup and synchronisation when a user replaces their device.
Because this relates to a specific technical scenario, it is not mentioned explicitly in the GDPR. However, the European Data Protection Supervisor (EDPS) points out: “[...] granting data subjects the choice to limit the processing of mHealth data locally – on their smart devices, rather than on a remote server – is one of the important safeguards mHealth apps and devices should implement.” (See EDPS Opinion 1/2015 on Mobile Health.)
The risks of storing data locally
A nursing home in the US was fined $650,000 after an iPhone with 400 patient files was stolen. The lawyers highlighted the risks of storing patients’ data on mobile devices and the importance of advanced security measures.
The alternatives to storing data locally
Local storage is a solution that fits only a limited number of cases and scenarios. Frequently, you need to process the data on the server side or to transfer it via the server to another device (data exchange).
Implementing a backend for storage and processing is potentially hard and risky, but it solves many of the issues and reduces the risks related to losing a phone or laptop.
How Chino.io helps
If you plan to do so, consider the Chino.io platform, which provides a unique solution for extremely simple and cost-effective backend implementation. With Chino.io, storing data on the server side is very easy, secure and compliant with privacy law.