Due to the nature of our product, Appfarm has no possibility to track what type of data you store in our platform and how you store, secure and maintain it. Also, the appropriate application design choices necessary to stay compliant with GDPR will largely depend on the actual use case and context of data collection and processing. There is no silver bullet to becoming GDPR compliant. Rather, when creating apps that process personal data with the use of Appfarm Create, it is your responsibility as a data controller to ensure the data is processed in accordance with the GDPR regulations. However, we’d like to make accomplishing this goal as easy as possible for you.

Here's an overview of aspects you need to consider to achieve GDPR compliance.

Know your data

Before you start building an app, identify all the personal data your app will process. This data map will be crucial for your GDPR compliance journey.

Process legally

Understand the lawful bases for processing personal data under GDPR, like user consent, contract fulfillment, and legitimate purpose. Choose the right basis for each data processing activity in your app.

Obtain clear consent

Obtain explicit and informed consent from your users before collecting and processing their data. This can be done with consent forms customized to your needs, e.g., a cookie banner that explains why you're collecting data and how it will be used.

Become a data minimalist

Only gather the data necessary for your app's purpose. Minimize data collection and retention to reduce risks and respect users' privacy.

Lock it up

A lot of the security is handled for you by the Appfarm Platform, such as using strong encryption in transit and at rest. Access controls, permissions, and roles are easily set up in Appfarm Create. Keep permissions and roles at a minimum per user, and employ a good procedure for requesting additional permissions. Keep personal information safe and regularly upgrade your app by logging in and deploying to production.

Respect user rights

Let your users exercise their GDPR rights, such as accessing, editing, and erasing their data. Build mechanisms in your app to handle these requests promptly. Communicate with inactive users to avoid collecting personal data unnecessarily.

In situations when you are a data processor (e.g. when you make an app from another company), you should have a DPA in place.

Disclose third-party services

If your app integrates with third-party services, ensure they're GDPR compliant. Clearly disclose these services and their privacy practices to your users. This can be done on a sub-processor page on your website.

Report breaches

Have a plan in place to detect and report data breaches quickly. Notify both the supervisory authority and affected users if a breach occurs. In the event of a data breach in Appfarm’s systems, the affected customers of Appfarm will be notified within 72 hours of discovery, whereas you then have a further obligation to notify your affected customers.

Publish transparent policies

Create a clear and concise privacy policy and data protection notices that users can easily access from within your app. Keep them informed about how their data is being handled.

Stay up to date

Regularly review your app's GDPR compliance, especially if there are changes either to your data processing activities or to regulations. Regularly review users, roles, and permissions. Staying up to date is key to maintaining compliance.