Posts

Showing posts with the label Security

GDPR - The Practical, No-Fluff, Actionable Todo List

GDPR hell is here. After reading too many GDPR articles, I've decided to summarize the important stuff in a short, clear, no-fluff, actionable list: a list I can use to prioritize our work internally, and hopefully one that can help other developers or product managers understand what needs to be done.

General Guidelines:
- Save as little personal data as possible.
- Avoid making fields mandatory unless absolutely required by the business (note that Apple is already rejecting apps for excessive use of mandatory fields).
- Allow users to edit their data at any time (make sure you have an "edit" function).
- Don't track user activity to learn their tastes and interests (probably relevant for marketing and giant companies); I wouldn't get excited about this one.
- Security questions should not use personal data (like your kid's name).

Encryption:
- Use HTTPS.
- Encrypt all personal data (email, phone, address) with st...