Building a GDPR compliant application

As the GDPR becomes mandatory across the EU, organizations should quickly align themselves with the regulation. Whether a business is small, medium or large, GDPR compliance is required. Organizations should plan for it and move forward. To comply with the GDPR, they first need to understand the definitions of personal data, data subject, data controller, processor and Data Protection Officer. Then the following features need to be implemented in the application.

Data export and retention

The first thing a data controller or processor needs in order to get started with the GDPR is to know which of their software modules hold personal information, what that personal data is, and how long they intend to retain it. Whenever requested, this personal data must be provided to the user.

Encryption and Right to be forgotten

The right to be forgotten is an important point of the GDPR. If a user asks to delete their information, the application must oblige (unless another law makes this request impossible; for fiscal reasons, for example, you may have to keep it). Doing this inside a live application is easy enough, but you also need to manage it within backups.
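One way to handle the backup problem, added here as an example and not part of the original post, is crypto-shredding: each data subject's records are encrypted under their own key, the key lives only in the live system, and "forgetting" the user destroys the key so every copy of the ciphertext, including those already in backups, becomes unreadable. The class and method names below are assumptions for the illustration, and the HMAC-based cipher stands in for a real AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive a purpose-specific subkey so encryption and tagging never share a key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (illustrative stand-in for AES-GCM)."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(_subkey(key, b"enc"), nonce, len(plaintext))))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raises ValueError on tampering or a wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct))))

class PersonalDataStore:
    """Hypothetical store: per-user keys live only here; ciphertext is what gets backed up."""
    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}     # one data encryption key per data subject
        self.records: Dict[str, bytes] = {}   # ciphertext records, safe to copy into backups
    def put(self, user_id: str, data: bytes) -> None:
        key = self._keys.setdefault(user_id, secrets.token_bytes(32))
        self.records[user_id] = encrypt(key, data)
    def read(self, user_id: str, record: Optional[bytes] = None) -> Optional[bytes]:
        """Read a live record, or one restored from a backup; None once the user's key is gone."""
        blob = self.records.get(user_id) if record is None else record
        key = self._keys.get(user_id)
        if blob is None or key is None:
            return None
        return decrypt(key, blob)
    def forget(self, user_id: str) -> None:
        """Right to be forgotten: destroying the key makes every copy of the ciphertext unreadable."""
        self._keys.pop(user_id, None)
        self.records.pop(user_id, None)
```

The key store itself must therefore be excluded from ordinary backups, or backed up separately with its own deletion process, otherwise the shredded key can be restored alongside the data.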

User consents

Under the GDPR you can't have just "Agreed" boxes or pre-checked checkboxes. Each kind of information gets its own check-box, which the user has to check manually. The application must provide for that.

Allow users to edit their profile

Users should be able to edit their profile whenever needed. They should also be able to correct any inaccuracy in the application.

Restrict processing

Users can restrict further processing of some of their personal data for any data analytics or profiling purpose.

Age checks

Under the GDPR, anyone below 16 is considered a child, but member states may adjust that limit to anywhere between 13 and 16. Data controllers therefore must know the applicable age of consent and, in the case of a child, must obtain consent from a person holding “parental responsibility”. The application must support this.

Breach notification

The application must have a provision to send notifications to users (e.g. through email) in case a data breach happens. It should also mention the possible consequences of the breach.
