How you can protect your clients’ data
Last updated
Was this helpful?
Last updated
Was this helpful?
Due to the nature of our product, Appfarm has no way of tracking what type of data you store in our platform and how you store, secure, and maintain it. The appropriate application design choices you make to stay compliant with GDPR will largely depend on the actual use case and context of data collection and processing. There is no silver bullet to becoming GDPR compliant. Rather, when creating apps that process personal data using Appfarm Create, it is the responsibility of the data controller to ensure the data is processed in accordance with the GDPR regulations. However, we’d like to make accomplishing this goal as easy as possible for you.
Here's an overview of aspects you need to consider to achieve GDPR compliance.
Before you start building an app, identify all the personal data your app will process. This data map will be crucial for your GDPR compliance journey.
Using production data for testing is strictly regulated, and we therefore recommend using synthetic data instead. Although using real personal data to reproduce realistic test scenarios can be tempting, it constitutes a major intrusion into an individual data subject's privacy. It’s important to remember that the data controller (in most cases, the end customer) is always responsible for ensuring the protection of personal data and compliance with data protection laws.
Understand the lawful bases for processing personal data under GDPR, like user consent, contract fulfillment, and legitimate purpose. Choose the right basis for each data processing activity in your app.
Obtain explicit and informed consent from your users before collecting and processing their data. This can be done with consent forms customized to your needs, e.g., a cookie banner that explains why you're collecting data and how it will be used.
Only gather the data necessary for your app's purpose. Minimize data collection and retention to reduce risks and respect users' privacy.
The Appfarm Platform handles much of the security for you, such as using strong encryption in transit and at rest. Access controls, permissions, and roles are easily set up in Appfarm Create. Keep permissions and roles at a minimum per user and employ a good procedure for requesting additional permissions. Keep personal information safe and regularly upgrade your app by logging in and deploying it to production.
Let your users exercise their GDPR rights, such as accessing, editing, and erasing their data. Build mechanisms in your app to handle these requests promptly. Communicate with inactive users to avoid collecting personal data unnecessarily.
When you are a Data Processor (e.g., when you make an app for another company), you should have a DPA in place.
If your app integrates with third-party services, ensure they're GDPR compliant. Clearly disclose these services and their privacy practices to your users. This can be done on a sub-processor page on your website.
Have a plan in place to detect and report data breaches quickly. Notify both the supervisory authority and affected users if a breach occurs. In the event of a data breach in Appfarm’s systems, the affected customers of Appfarm will be notified within 72 hours of discovery, whereas you then have a further obligation to notify your affected customers.
Create a clear and concise privacy policy and data protection notices that users can easily access from within your app. Keep them informed about how their data is being handled.
Regularly review your app's GDPR compliance, especially if there are changes to your data processing activities or regulations. Also, regularly review users, roles, and permissions. Staying up to date is key to maintaining compliance.