AVG / GDPR and (web) apps: 5 points of attention for watertight data processing

AVG as an answer to data growth

The advent of the AVG has everything to do with a trend that we have seen in our previous blog IT in 2018 will be increasingly dominated by data. The amount of data available is constantly growing and data files are now reaching excessive proportions. A large part of this data consists of personal data. And the European Union believes that this must be handled with extra care. From there, the new privacy legislation was drawn up, which will enter into force on 25 May 2018: the General Data Protection Regulation (GDPR), known in the Netherlands as the General Data Protection Regulation (AVG).

What should you do with it then?

As of 25 May, your (web) apps will have to be completely in line with the privacy legislation. You can read the legislation here (pdf) and is very comprehensive. We understand that it is a lot of work to go through it all and we know that you only really want to know one thing: what do I have to do in order to prepare my (web) app properly? Therefore, we make it a little easier for you with the following five concrete points of attention:

1. Ask yourself what you really need

The AVG adheres to the principle of 'data limitation'. This means that you cannot collect more data than you need for your purpose. The ideal (web) app would therefore not store any personal data at all. However, this is not always possible. You should therefore ask yourself which personal data are really necessary and only collect them.

2. Encrypt all personal data

This is priority number 1 for the processing of personal data. With good encryption, you have already protected your data collection (to a high degree) against unauthorised access. This way, their privacy is always guaranteed, even if a data leak occurs.

3. Provide clear information

One of the most important principles of the AVG is transparency. This means that you have to be clear in informing your (web) app users about what you do with their data. Therefore, thoroughly incorporate every step of the processing in your general terms and conditions and make sure users read them.

4. Handle your logs with care

You may easily overlook it, but when verifying a login in your (web) app, an IP address or location is often automatically checked to ensure that only real people log in. This is personal data, and it is logged. In line with the AVG, always let users know that you log them and how long these logs are kept.

5. Be strict about changes and leaks

According to the AVG, personal data must always be and remain correct. Have any changes been made to your data file? Then you must implement them immediately and monitor them thoroughly. In addition, a data leak must always be reported within 72 hours. So you must also monitor this closely.

AVG-ready!

Follow these five points of attention strictly and your (web) app will be ready for the change on 25 May. Have you checked these points of attention and is your (web) app not yet entirely ready for the AVG? Then we strongly recommend that you do so. The fines can be as high as 20 million euros or 4 percent of your global turnover. Then it's good to have everything in order!

Do you need help implementing AVG measures in your (web) app? Or do you want to know more about the consequences of the AVG for your IT? Then contact contact with us! Our team of professional software developers will be happy to help you.