GDPR checkpoints for app developers in India

Research states that mobile app downloads have increased from 140 billion in 2016 to 218 billion in 2020. It is believed that downloads will surge to 258 billion by the end of 2021. This gives rise to questions on security of user data. Smartphone applications collect user data to customise their experience on the website. It is difficult for a layman to know in what ways companies collect user data and use the personal information.

Data collection came under the purview of General Data Protection Regulation (GDPR)in 2018. GDPR was introduced to strengthen individuals’ control on their personal data and to streamline international business regulations. The regulation has a direct effect on all EU member states, which means every organisation that is established in the EU or processes data of EU individuals for the exchange of goods and services have to abide by the GDPR law. Breaching the policy may result in heavy penalties.

If you are in an industry that targets EU individuals and collects their data through mobile apps, you must comply with the GDPR law.

How has GDPR impacted the mobile app market in India

The biggest challenge is that most organisations employ third parties to conduct analytics, and inadvertently share data without the express consent of users. Further, a lot of apps (in India and globally) personalise offerings basis the user data available. If EU clients request for deletion of their personal information, it will pose a problem in the way these apps operate.

Banking institutions may conduct credit credibility checks by assessing people’s social media profiles. If an EU user requests them to not use the information available online, it will be difficult for organisations to create different procedures for one potential client.

These challenges are complicated but have to be addressed if organisations want to avoid penalty and loss of credibility. Here are some ways to ensure compliance.

How to comply with GDPR

  • Review your application – mention each aspect of data collection throughout your app. Don’t mandate users to fill data where it is not necessary.
  • Do not auto-fill forms; ask for users’ consent in filling up forms in a clear and simple language. Users may or may not want to subscribe to ads, newsletters, etc. Give them the right to choose.
  • Privacy by design is imperative. It means that you must only hold and process data that is crucial for your app, you must also inform the user why you are collecting it.
    For example, if your application offers home-delivery of items, you may require the phone number of a user. You must specify that you need their number to schedule the delivery, assist them with the product, etc.
  • Inform users about how to manage, collect or delete the data shared on your application. In other words, give users control over how they want to share their personal information.
  • Strengthen user-data security, secure the data on the cloud with encryption.
  • Write the privacy policy in simple language that ensures user readability. Also, upload policy on the app stores.

  • If you share user data with any third party, they must also comply with GDPR.

What happens when you don’t comply with GDPR?

Non-compliance with the GDPR may result in corrective actions such as a limitation or ban on data processing, or suspension of data flow to collectors in a third country. Depending on the severity, a company may be penalised for two percent of its global revenue or 10 million EUR, whichever is higher. The maximum fine that a company might have to pay on breaching the law is four percent of its global revenue or 20 million EUR, whichever is higher.