Editor’s Note: In her article, How GDPR Will Change The Way You Develop, digital law expert Heather Burns of Glasgow, Scotland, explores what developers need to know about the new data protection regime.
Extract from article by Heather Burns
Who Is Impacted By The Privacy Overhaul?
European data protection rules are, and always have been, extraterritorial. They apply to all personal data collected, processed, and retained about persons within the European Union regardless of citizenship or nationality.
That simply means that if you do business in Europe, or collect data on European users, you must protect their data in full accordance with the regulation as if you yourself were in Europe. If you are not prepared to meet that legal requirement, you should not do business in Europe. (Indeed, any developer collecting European data who is surprised to hear this news should explain what they have been doing with that data since 1995.)
GDPR applies to all businesses, organizations, sectors, situations, and scenarios, regardless of a business’s size, head count, or financial turnover. A small app studio is every bit as beholden to these rules as a large corporation.
Europe’s data protection regime stands in stark contrast to that of the U.S., which has no single overarching, cross-sector, or cross-situational data protection law. What little privacy law there is in the U.S. tends to be applicable only within sectors or states. The American approach also tends to view privacy as a subset of contract or property law, not its own discipline. This cultural difference often sees American developers struggling with the concept of privacy as a fundamental human right enshrined in law, a situation which has no U.S. equivalent. That gap does, unfortunately, add a few more steps to the compliance journey for U.S. developers tasked with getting to grips with the European framework.
How Does Your Development Workflow Need To Change?
Whatever programming language you work in, role you hold, or product you create, GDPR requires you to be more structured and transparent about how you do things. Yet far from being a burden, you will find these obligations common-sense and surprisingly welcome.
Let’s go over the ways that GDPR will impact your development workflow. We can divide this into two broad areas: how you work within your business, and how you develop with the code.