The General Data Protection Regulation (GDPR) unifies the legal framework at the EU level and focuses on new technologies to establish the lawful processing of users' data.
Why is GDPR critical to developers?
Implementing GDPR was important as previous directives were outdated and posed a huge obstacle for application developers selling their services across the EU.
For example, before GDPR, developers were never completely sure whether their application complied with EU law. GDPR was a good solution: instead of interpreting different sets of laws in 28 EU countries, developers refer to just one law. With a single law, GDPR simplifies legal analysis, implementation, and compliance verification at the EU level. It also focuses on digital technologies such as APIs, cloud, mobile, and Big Data, defining their roles and acceptable methods of processing data.
The GDPR will simplify compliance and set clear privacy standards. It introduces new concepts such as the right to be forgotten and privacy by design.
GDPR will:
- Propose Privacy by Design as the main set of principles driving application development.
- Mandate Data Protection Impact Assessments (DPIAs) only for larger companies or companies where privacy risks are higher. For smaller companies and start-ups, they will no longer be mandatory.
- In the case of data breaches, Data Controllers must notify their Data Protection Authority within 72 hours.
- In the case of data breaches, fines will increase, reaching up to 20 million or 4% of the company's turnover.
- Give application users the possibility to ask for their data from Data Controllers. This is also known as “data portability”.
Generally, the GDPR will make developers' lives easier by simplifying the required bureaucracy. However, it will clearly define the technical and procedural privacy and security requirements that every application will need to satisfy.