Regulatory measures explained for businesses
with guides, checklists and templates; AI assisted
Observatory edited by Dr. V. Spataro



Document 2023-03-29 · Doc 96588

GDPR developer's guide | CNIL

abstract:



Document annotated on 29.03.2023. Source: GPDP
Link: https://www.cnil.fr/en/gdpr-developers-guide








text:


GDPR guide for developers

Sheet n°0: Develop in compliance with the GDPR

Whether you work alone, are part of a team developing a project, manage a development team, or are a service provider carrying out developments for third parties, it is essential to ensure that user data and all personal data processing are ...

Sheet n°1: Identify personal data

Understanding the notions of “personal data”, “purpose” and “processing” is essential for developing applications that comply with the law and respect user data. In particular, be careful not to confuse “anonymisation” and “pseudonymisation”, which ...

Sheet n°2: Prepare your development

The principles of personal data protection must be integrated into IT developments from the design phase onwards in order to protect the privacy of the people whose data you are going to process, to give them better control over their data and to ...

Sheet n°3: Secure your development environment

The security of production, development and continuous integration servers as well as developer workstations must be a priority because they centralize access to a large amount of data.

Sheet n°4: Manage your source code

Whatever the size of your project, it is highly recommended to use a source code management tool, such as a version control system, to track its different versions over time.

Sheet n°5: Make an informed choice of architecture

When designing the architecture of your application, you must identify personal data that will be collected and define a path and life cycle for each of them. The choice of supporting assets (local storage, server, cloud service) is a crucial step, ...

Sheet n°6: Secure your websites, applications and servers

Any website, application or server must incorporate basic state-of-the-art security rules, not only on network communications but also on authentication and infrastructure.

Sheet n°7: Minimize the data collection

You shall only collect personal data that is adequate, relevant and necessary in relation to the purposes for which they are processed, as defined at the time of collection.

Sheet n°8: Manage user profiles

The way to manage profiles of your collaborators and your end-users must be thought out upstream of your developments. It consists in defining different access and authorization profiles so that each person can access only the data he or she actually...

Sheet n°9: Control your libraries and SDKs

Do you use libraries, SDKs, or other software components written by third parties? Here are a few tips on how to integrate these tools while keeping control of your developments.

Sheet n°10: Ensure quality of the code and its documentation

It is essential to adopt good code-writing techniques as soon as possible. Code readability reduces the effort of maintenance and bug fixes over time for you and your (possibly future) collaborators.

Sheet n°11: Test your applications

Testing your product allows you to check its correct operation, to ensure a good user experience and to find and prevent defects before it goes into production. Testing your product also reduces the risk of personal data breaches.

Sheet n°12: Inform users

The transparency principle of the GDPR requires that any information or communication relating to the processing of personal data should be concise, transparent, comprehensible and easily accessible in plain and simple language.

Sheet n°13: Prepare for the exercise of people’s rights

The persons whose data you process have rights over their data: right of access, to rectification, to object, to erasure, to data portability and to restriction of processing. You must give them the means to effectively exercise their rights and ...

Sheet n°14: Define a data retention period

Personal data cannot be kept for an indefinite period of time: this must be defined according to the purposes of the processing. Once this purpose has been achieved, the data should be archived, deleted or made anonymous (e.g. in order to ...

Sheet n°15: Take into account the legal basis in the technical implementation

Processing of personal data must be based on one of the “legal bases” mentioned in Article 6 of the GDPR. The legal basis of a processing operation is in a way the justification of the existence of the processing operation. The choice of a legal ...

Sheet n°16: Use analytics on your websites and applications

Audience measurement tools are used to obtain information about the navigation of visitors on a website or mobile application. In particular, they make it possible to understand how users arrive at a site and to reconstruct their journey. Using ...

Contributing to the GDPR Developer's Guide

GitHub version
