The new EU General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) unify the legal framework at EU level and focus on new technologies to establishing the lawful processing of users' data.

Why GDPR is critical to developers?

Implementing GDPR was important as previous directives were outdated and posed a huge obstacle for application developers selling their services across EU.

For example, before GDPR, developers were not completely sure if their application was compliant with the EU laws. GDPR was a good solution, as instead of interpreting different sets of law in 28 EU countries, developers refer just to one single law. Having one law, GDPR simplifies law analysis, implementation, and compliance verification on the EU level. It also focuses on digital technologies such as APIs, Cloud, mobile, and Big Data, defining their roles and acceptable methods of processing data.

The GDPR will simplify compliance and set clear privacy standards. It introduces new concepts such as the right to be forgotten and privacy by design.

GDPR will:

• Propose Privacy by Design as the main set of principles driving application development.
• Mandate Data Protection Impact Assessments (DPIA) only for larger companies or companies where privacy risks will be higher. For smaller companies and start-ups it will not be mandatory anymore.
• In the case of data breaches, Data Controllers must notify their Data Protection Authority within 72 hours.
• In the case of data breaches, it will increase fines up to 20 mln. or 4% of the company turnover.
• Give application users the possibility to ask for their data from Data Controllers. This is also known as “data portability”.

Generally, the GDPR will facilitate developers’ lives simplifying required bureaucracy. However, it will define clearly technical and procedural privacy and security requirements that will need to be satisfied for every application.