Five Tips to a Successful Relationship with the GDPR

Have you ever downloaded an app on your phone and looked at the permissions that the app requests.

Have you ever downloaded an app on your phone and looked at the permissions that the app requests.  I mean I just want to play Tetris, why do you need permission to access my contact list and messages, or know what I ate for dinner?

With the new the General Data Protection Regulation (“GDPR”), a move to the age of respecting users’ privacy, software developers that collect and process personal information need to re-think their relationship with privacy.  Let’s look at how you can be compliant and develop a good relationship with this piece of legislation:

  • Take what you need and no more.

When it comes to collecting data, less is more.  Only collect data if you really need it and when you need it.  The questions to ask yourself at this stage is why I need this data and why collecting this data is necessary to the functioning of my software.

  • Be honest, omission is lying.

If you decide that my software requires access to a user’s location, then let the user know in plain simple language what the exact purpose of the data collection is for and how it benefits them.

  • Ask first, be transparent, build trust.

Make sure that users say yes to you using their data.  Don’t do this in a sneaky way like a pre-checked tick box or by placing small illegible terms and conditions in the far-right bottom corner typed in Arial 3pt.  The GDPR requires informed and active consent.  Remember consent needs to be specific and you cannot apply consent for one thing to all there is everything. There is no such thing as a blanket provision for consent.

  • Making leaving easy.

So, the user decides that this is not working out and they never want to hear from you again.  Make opting out easy. This is especially relevant if you engage in direct marketing.  Do not require the user to fill out 300 forms like they are applying for divorce.

  • Let them take their stuff with them.

Users should be able to request data that is collected by and it should be easy for them to take this data with them (data portability) and transfer it to whomever they see fit.  What’s important to remember here is that what theirs is theirs.  The data should also be in a format that users can comprehend for e.g. data in the form of an unintelligible string of code will not cut it.

Like in all relationships, developing trust and respecting each other is key.  When designing software, it’s not enough to think about privacy as just a policy that requires the bare minimum.  What is required is that privacy is viewed as a core principle that is embedded in the design process.

Filter By

Must Reads

Subscribe to receive our latest articles

Follow Us

Related Posts

Imitation is the greatest form of flattery, but we don’t think so in this case.

We are aware of the phishing email that has been circulated to many people. Although we are not the firm mentioned in the phishing email you may have received, we’ve received several calls because of the similarity to our firm name so, unless you’d like to have a chat about other technology law matters, please don’t call us as we won’t be able to help. 

We know the firm in the phishing email is a genuine law firm, based in Cape Town, and we’ve alerted them to what is likely an impersonation scam.

If you’d like to learn more about phishing, click on the following link (we promise this is a legitimate link ) to watch this entertaining video we did eight years ago.