GDPR Compliance for Software Applications

As a software developer, you have undoubtedly heard about the General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018. It is important that you understand how the introduction of this regulation affects your role as a developer.

In short, you need to ensure that the work you do is GDPR compliant. Once GDPR becomes a reality, individuals will have certain rights regarding their personal data and the way it is used by businesses and organisations. Some of these rights already exist, and some have changed. These rights include:

  • The right to be forgotten. This means that all personal data held for the individual must be deleted, unless there is a legally valid reason to continue processing it.
  • The right to data portability. This means that individuals have the right to receive their data in a machine-readable format, which enables the data to be sent to other organisations.
  • The right to have data amended where there are errors.
  • The right to restrict the use of personal data, except where legal considerations override this.
  • The right to view the personal data that is held.

As a developer, you need to ensure that the systems and applications you develop are suited to complying with all of these rights.

Protecting the Security of Personal Data

There are also certain actions that developers should take in order to protect personal data and help the business comply with GDPR. Here are some of those actions:

  • Encryption of data in transit between the application and the database.
  • Encryption of all data back-ups.
  • Use of pseudonyms in place of real personal data during the test stage.
  • Use of authentication systems for data modification, so that only authenticated users can change personal data.
  • Ensuring all API access is recorded.
  • Using opaque identifiers rather than personal data in log files.
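Two of these actions, pseudonyms at the test stage and identifiers rather than personal data in log files, are easy to get subtly wrong (an unkeyed hash of an e-mail address is trivially reversible by guessing addresses, and a log line that carries the record "for context" leaks everything). The following Python is an added example, not code from the original article: it pseudonymises a constructed customer record with a keyed HMAC so the test database cannot be re-identified without the key, and writes log lines that carry only the internal customer identifier. The field names, the `PSEUDONYM_KEY` constant and the function names are assumptions made for the example; in practice the key would live in a secrets store outside the test environment.

```python
import hashlib
import hmac
import json

# Constructed sample: a customer record as an application might hold it.
SAMPLE_RECORD = {
    "customer_id": 48213,
    "name": "Jane Example",
    "email": "jane@example.com",
    "phone": "+44 7700 900123",
    "plan": "premium",
    "signup_year": 2017,
}

# Fields that identify a person directly; everything else is treated as
# non-identifying for this example.
DIRECT_IDENTIFIERS = ("name", "email", "phone")

# Assumption: the real key is held outside the test environment. This
# constant stands in for it so the example runs offline.
PSEUDONYM_KEY = b"example-key-do-not-use-in-production"


def pseudonym(value, key=PSEUDONYM_KEY):
    """Keyed, deterministic pseudonym for a direct identifier.

    HMAC rather than a plain hash: someone holding only the test database
    cannot recompute pseudonyms from guessed names or e-mail addresses.
    Determinism keeps referential integrity across tables in test data.
    """
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return "pseud-" + digest[:16]


def pseudonymise_record(record, key=PSEUDONYM_KEY):
    """Return a copy fit for the test stage.

    Direct identifiers are replaced by pseudonyms; other fields are kept so
    application logic still exercises realistic values. The e-mail keeps a
    syntactically valid shape so validation code paths still run.
    """
    out = dict(record)
    for field in DIRECT_IDENTIFIERS:
        if out.get(field) is not None:
            token = pseudonym(str(out[field]), key)
            out[field] = token + "@example.invalid" if field == "email" else token
    return out


def log_line(event, record):
    """Build a log message carrying an opaque identifier and no personal data."""
    return json.dumps(
        {"event": event, "customer_id": record["customer_id"]}, sort_keys=True
    )


def contains_personal_data(text, record):
    """Review check: True if any direct identifier from the record appears in text."""
    return any(str(record[f]) in text for f in DIRECT_IDENTIFIERS if f in record)


if __name__ == "__main__":
    test_copy = pseudonymise_record(SAMPLE_RECORD)
    print("test-stage record:", test_copy)
    line = log_line("profile_updated", SAMPLE_RECORD)
    print("log line:", line)
    print("log leaks personal data:", contains_personal_data(line, SAMPLE_RECORD))
```

The `contains_personal_data` helper is the kind of check worth running over captured log output in a test suite: it catches the common regression where a developer adds a whole record to a log call for debugging. Note that a pseudonymised test database is still personal data under GDPR while the key exists, so the key should be protected and rotated like any other secret.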

All of these actions help the business to ensure that it is GDPR compliant. As a developer, you have an obligation to ensure that all of the development work you undertake is completed with this in mind once GDPR becomes a reality.