GDPR and mobile applications

We have already written about GDPR, as you can see in our previous blogs, but it’s always good to repeat what GDPR is and how it affects us.

The General Data Protection Regulation, also known as GDPR, was adopted in April of 2016. GDPR defines personal data information that could identify an individual. Identifiers may include names, phone numbers, addresses, as well as digital information such as usernames, locations and more. All companies and organizations need to adapt to this new regulation and have to pay attention when creating mobile applications.

What should we know if we want to make a mobile application according to GDPR regulation?
When you use a database that contains personal, confidential information, you always have to have permission to collect them, explain why you need it, who has access to it, how long you will keep that data and for what purpose are you going to use it. That’s why there is a checkbox that can’t be automatically checked as it was before. From now on, every person has to manually label every checkbox. One of the key things about mobile apps and GDPR is privacy by design, which means that the information we collect from a person needs to be just enough to use the app, for example, sex is not essential information for the app download and for using the app, so we don’t need to know that information . It is also important for each application development stage to take care of personal data security because every person who has access to personal information is responsible for them, so beware of what information you are looking for. In addition, your developers need to encrypt and protect all the data that moves between the application and the server. When making an application, you must ensure that users are allowed to make changes and delete their data. All organizations will need a system or process that will locate and remove certain data. This includes all the services and backup systems that data can not return from anywhere. You, as a company, will have to ask for a consent from the start unless you have the legal basis for processing data. This should include what data you collect and why you collect it.

You may need to invest in better technology to ensure continuous monitoring of your data. Also, you will have to have the backup plan. For application owners, both consumers and businesses, it’s crucial that you have full visibility and control over the real-time use and application activity in a centralized way.

GDPR in Digital Marketing – Threat or opportunity

There are many written and spoken things about GDPR. Employees in digital marketing are not sure how the GDPR will affect them, what they can do, what about the existing database, whether the way of collecting the data so far complies with the regulation and so on. A lot of questions are being asked and the answers are difficult to find. In this text, we will try to bring you closer to this issue. The most important thing that changes with the arrival of GDPR on May 25, 2018, related to digital marketing, is that you will have to have the consent of sending promotional content from then on. What does that mean? The assumption is that on average only 25% of your database complies with GDPR. This is the data you have access to in a way that the respondents have voluntarily entered your mailing list. What to do? Delete unnecessary data and collect consent for those prospects. Do not mark in advance the checkbox. It is not in line with GDPR. The checkbox must be “physically” marked. Enable users to update and delete their data. Specify how long you will keep their data.


The second important thing is the purpose for which the data was collected. As a service provider and a company that collects data, you will have to clearly and unambiguously write for what purpose you will use the collected data. If you use them for the purpose of submitting bids and deals, you can’t use them, after any successful co-operation, for the purpose of self-promotion. To use personal information for this purpose, you will need additional consent. Likewise, if you collect data for the purpose of sending promotional emails, you should keep in mind that only the necessary information is collected. Take for example IT services. Your name, family name, email address, and business name are quite a sufficient amount of information for this type of activity and according to GDPR, you are not allowed to collect age or gender data for that purpose either. Age or gender is not a necessity for sales of  IT services. While a clothing or footwear seller needs age or sex information for the same purpose – selling. The goal of GDPR is to access personal data conscientiously, to maximize the privacy of EU citizens and to collect the minimum amount of data.


Is GDPR an opportunity or a threat to Digital Marketing? If we coordinate in time, we will surely benefit from GDPR. How? With a clear policy of dealing with personal information, we will gain more confidence from end users. We will not waste time on clients who are not interested in our products and services, but we will focus on quality content with those “essential.” The users will not tag our mail as spam. Although we will need a lot more time to collect contacts and their consent, they will be better and more ready to take action. Better quality contacts will result in better quality campaigns. The result should be increased sales and, in the end, increased profit.