Complying with the UK General Data Protection Regulations (UK GDPR) is something that all businesses developing and distributing mobile applications should be aware of.
The UK GDPR provides that data controllers and processors must show accountability in relation to complying with UK GDPR principles. This means having written policies and procedures in place and recording any compliance and risk assessment steps your business takes regarding protecting personal data.
App GDPR compliance
Many mobile apps process vast amounts of personal data, including personal photos and documents, credit card details, names and addresses, and user locations.
You must be able to show a lawful reason for processing personal data. Article 6 of the UK GDPR provides six lawful bases:
- Legal obligation
- Vital interests
- Public task
- Legitimate interests
You do not have to gain consent for every single act of data processing. Often one of the other five reasons is more appropriate, for example, legitimate interest. Examples of legitimate interests are ensuring security or sending our marketing information.
Mobile apps GDPR compliance
The most important factor is to document how you have considered the privacy of the users of your mobile app and you process user data.
GDPR requires user consent for all tracking cookies. All EU and UK app users need to be informed about cookie use and given the option to consent or decline. The Privacy and Electronic Communications Regulations (PECR) requires that apps must obtain users’ informed consent before storing cookies on a user’s device for tracking purposes.
For more information on cookie consent read: what are cookies?
Get legal assistance from LawBite
No one expects you to navigate the many privacy and data laws on your own - especially when you are focused on growing your business.
The best way to ensure you are GDPR compliant is to partner with one of our specialist Privacy Law Solicitors. LawBite can advise you through each stage of your mobile app’s development and distribution.