
1. Consent Under GDPR

2. Purpose of Data Collection Under GDPR
The process of collecting data should be transparent, so that the user knows the purpose for which each item is collected. This should be built into the app: when a specific piece of data such as a phone number or email address is requested, the user is told why it is needed (for example, to send updates on the latest offers).

3. GDPR & User Control of Subscriptions
After a user opts in to receive alerts on offers, deals or other information, they should retain the right to manage their subscription options and preferred mode of communication. The app should have every option set to ‘off’ by default, leaving the user to choose whether to be contacted by email or phone and which kinds of information they want to receive.

4. Duration of Data Access Under GDPR
Under GDPR, the user should be able to restrict the period during which their data may be tracked or accessed. The app should therefore obtain consent not only for the use of the data but also for the period over which it may be used. For instance, when a user arrives in a new location, the app should ask for consent before sending localized offers and deals. Once the authorized tracking period expires, the data should be archived or deleted.

5. Allow Users Access to View, Edit or Delete Data Under GDPR Mobile Apps
Users should be able to access or download their data at any time, so they can see the personal information the app has collected. The app should also let the user modify details or delete the data collected within a specific date range. This can include browsing history, location data or any other information.
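The consent, default-off preference, retention and access requirements in sections 2 to 5 can be enforced in one small data model on the app's back end. The following is an added illustration written for this page, not code from the original article; the purpose names, the profile structure and the choice to archive rather than delete expired records are assumptions.

```python
"""Consent ledger for a mobile app back end: per-purpose consent with an
authorised period, communication preferences that default to off, retention
enforcement, and user-initiated export and ranged deletion.

Added illustration, not code from the original article; the data model,
purpose names and the 'archive on expiry' choice are assumptions."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, List


@dataclass
class Consent:
    purpose: str              # what the data is collected for (shown to the user)
    granted_at: datetime
    expires_at: datetime      # end of the period the user authorised


@dataclass
class Record:
    kind: str                 # "location", "browsing", ...
    purpose: str              # the consent that authorised collecting it
    collected_at: datetime
    value: str


@dataclass
class UserProfile:
    user_id: str
    # every channel and topic starts 'off'; the user opts in explicitly
    preferences: Dict[str, bool] = field(default_factory=lambda: {
        "email_offers": False, "sms_offers": False, "location_offers": False})
    consents: Dict[str, Consent] = field(default_factory=dict)
    records: List[Record] = field(default_factory=list)
    archived: List[Record] = field(default_factory=list)

    def grant_consent(self, purpose: str, days: int, now: datetime) -> None:
        """Record that the user authorised `purpose` for `days` days and opt them in."""
        self.consents[purpose] = Consent(purpose, now, now + timedelta(days=days))
        self.preferences[purpose] = True

    def _consent_valid(self, purpose: str, now: datetime) -> bool:
        consent = self.consents.get(purpose)
        return consent is not None and now < consent.expires_at

    def may_process(self, purpose: str, now: datetime) -> bool:
        """True only while consent is unexpired and the preference is switched on."""
        return self._consent_valid(purpose, now) and self.preferences.get(purpose, False)

    def store(self, record: Record, now: datetime) -> None:
        """Refuse to collect anything that no current consent covers."""
        if not self.may_process(record.purpose, now):
            raise PermissionError(f"no valid consent for purpose {record.purpose!r}")
        self.records.append(record)

    def enforce_retention(self, now: datetime) -> int:
        """Move records whose authorising consent has lapsed out of the live store.
        Returns how many were archived (a deleting variant would drop them instead)."""
        keep, expired = [], []
        for rec in self.records:
            (keep if self._consent_valid(rec.purpose, now) else expired).append(rec)
        self.records = keep
        self.archived = self.archived + expired
        return len(expired)

    def export(self) -> dict:
        """Everything held about the user, for the 'view / download my data' screen."""
        return {
            "user_id": self.user_id,
            "preferences": dict(self.preferences),
            "consents": [vars(c) for c in self.consents.values()],
            "records": [vars(r) for r in self.records],
        }

    def delete_range(self, start: datetime, end: datetime) -> int:
        """Delete live records collected in [start, end); returns the count removed."""
        before = len(self.records)
        self.records = [r for r in self.records
                        if not (start <= r.collected_at < end)]
        return before - len(self.records)
```

`enforce_retention` is meant to run on a schedule (a nightly job, or on each sync) so that expiry is enforced by the back end rather than relying on the client to stop sending data; `store` rejecting uncovered records is the second half of the same control.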
6. Deleting the User Account in GDPR
While the user should be allowed to delete their account whenever they choose, they must be informed of the consequences of doing so. As an additional safeguard, the app should always require a password confirmation before deleting the account.

7. Keeping User Data Secure Under GDPR Compliance
Protecting data is one of the most crucial aspects of GDPR compliance, since failing to do so can attract penalties. The following measures can be implemented to secure users' personal data:
- Secure protocols such as HTTPS should be used to transfer data over the network.
- Single sign-on protocols such as OAuth can be used to let users create an account by linking another account. This way, the app stores no data other than the authentication ID.
- Sensitive information such as passwords should be hashed and stored in encrypted databases with access restricted to approved IP addresses.
- Cookies should be destroyed after a period of inactivity or after logout.
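Three of the points above (hashing passwords, destroying sessions after inactivity or logout, and confirming the password before an account is deleted) fit together in a few dozen lines. The following is an added example written for this page, not code from the original article; it uses only the Python standard library (`hashlib.scrypt`, `hmac.compare_digest`, `secrets`), and the scrypt parameters, the 15-minute idle limit and the in-memory stores are assumptions a real deployment would replace with its own policy and database.

```python
"""Password hashing, inactivity-expiring sessions and password-confirmed
account deletion. Added example, not code from the article; stdlib only.
Parameters and the in-memory stores are assumptions."""
import hashlib
import hmac
import os
import secrets
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# scrypt work factors (assumed values; ~16 MiB of memory per hash at N=2^14, r=8)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
SESSION_IDLE_LIMIT = timedelta(minutes=15)   # assumed inactivity timeout


def hash_password(password: str) -> str:
    """Salted scrypt hash; the parameters travel with the hash so they can be raised later."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/parameters and compare in constant time."""
    try:
        algo, n, r, p, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False                      # malformed record: never a match
    if algo != "scrypt":
        return False
    expected = bytes.fromhex(digest_hex)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                            n=int(n), r=int(r), p=int(p), dklen=len(expected))
    return hmac.compare_digest(digest, expected)


class SessionStore:
    """Session tokens (the value a session cookie would carry) with idle expiry."""

    def __init__(self) -> None:
        self._sessions: Dict[str, dict] = {}

    def create(self, user_id: str, now: datetime) -> str:
        token = secrets.token_urlsafe(32)   # unguessable, 256 bits of randomness
        self._sessions[token] = {"user": user_id, "last_seen": now}
        return token

    def lookup(self, token: str, now: datetime) -> Optional[str]:
        """Return the user for a live token, destroying it if it sat idle too long."""
        sess = self._sessions.get(token)
        if sess is None:
            return None
        if now - sess["last_seen"] > SESSION_IDLE_LIMIT:
            del self._sessions[token]       # inactivity: cookie is dead, not just stale
            return None
        sess["last_seen"] = now
        return sess["user"]

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)     # explicit logout destroys the session

    def revoke_user(self, user_id: str) -> None:
        for tok in [t for t, s in self._sessions.items() if s["user"] == user_id]:
            del self._sessions[tok]


class Accounts:
    """Minimal account store: user_id -> password hash (never the password)."""

    def __init__(self) -> None:
        self._users: Dict[str, str] = {}

    def register(self, user_id: str, password: str) -> None:
        self._users[user_id] = hash_password(password)

    def check_login(self, user_id: str, password: str) -> bool:
        stored = self._users.get(user_id)
        return stored is not None and verify_password(password, stored)

    def delete_account(self, user_id: str, password_confirmation: str,
                       sessions: SessionStore) -> bool:
        """Delete only after the user re-enters their password; all sessions go too."""
        if not self.check_login(user_id, password_confirmation):
            return False
        del self._users[user_id]
        sessions.revoke_user(user_id)
        return True
```

The deletion path re-checks the password rather than trusting the existing session, which is what the "password confirmation before deleting" point asks for; revoking every session of the deleted user is the accompanying step that stops a still-open client from continuing to act on an account that no longer exists.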
