What we do
If your systems hold data about any EU citizen, there needs to be a valid legal basis for processing personally identifiable information. Systems have to protect the rights of data subjects, and privacy notices must be adequate. Security of data and backups needs to be clearly documented, and privacy and data protection should be by design. To my mind this rules out a lot of current cloud solution providers. It rules out backups being conveniently dumped in cloud storage (unless encrypted). It rules out using Dropbox or Google Cloud Storage or AWS or iCloud to store personally identifiable information. It is therefore important to act on GDPR now. Even if one EU citizen uses your product or service, the product or service must comply with GDPR.
Need a GDPR readiness assessment?
We provide GDPR readiness assessments especially suited to software and app companies.