DEV Community

Cover image for What is GDPR compliance?
Pratik Singh
Pratik Singh

Posted on

What is GDPR compliance?

In this post, we will talk about GDPR. If you are a student, this is a good to know but not a must! This article is more for working professionals.

What is GDPR?

GDPR or General Data Protection Regulation is a law protecting the use of personal data of EU Citizens. It applies to any company that does business with people in the European Union, even if the company itself isn't located there.

Read the official docs: Here


Why should you care?

What if your company/product is not GDPR Compliant, am I right? Even I did not care about it much until now. I am a Developer, why do I care? Let me just ensure my API calls are fast enough and the deployments are reliable.

But wait... I will explain the stakes here.

Let me just put a line from their official law here:

There are two tiers of penalties, which max out at €20 million or 4% of global revenue (whichever is higher), plus data subjects have the right to seek compensation for damages.

Yes €20 million is the fine 🤯🤯!!


Now that I have your attention let's dig deeper:

GDPR in simple words:

Yes GDPR is not only a legal mumbo jumbo. I feel it's more like a design approach for your software.

  • Imagine building software with privacy woven in, not bolted on.
  • Forget collecting everything; minimize data like it's gold.
  • Secure it fiercely with encryption and access controls.
  • Keep your software updated and keep vulnerability scanning for weak points in your infra
  • Be transparent about what you do with it.
  • Share minimum data with third-party software
  • Empower users with clear consent and deletion rights

No matter whether you do Front-end, Backend, or DevOps. You need to keep this point in your head.

This is my crude interpretation of the law. You can read the whole in the last link (Hehe I know you didn't read it).

So for you this is a simpler explanation of GDPR: Here


FAQs

1. Do Developers need to check on this?

Honestly depends on your organisation. Some tools and consultants can do it for you. If you are a really small company buckle up kiddo, there is a refactor of code pending. Or you know hire a really good lawyer!

2. If my company doesn't operate in the EU?

Yes GDPR would per se apply to you. But understand 95% of all countries have come up with similar laws. More on it later!
But if you are GDPR compliant, you will not have issues with most of the other laws on this.

3. Do we need to do a regular audit for it?

Well as far as I understand it. As a Developer, you need to keep this in mind while building software. Audits are usually done occasionally depending on your company and country.

4. Who will complain against your company/product?

Well in the EU each country has its own body regulating and enforcing this to most companies used by EU citizens. Even a user who can prove it's a violation can do it!


Extra

You can choose to completely ignore this. It goes beyond the scope of GDPR

  • While learning about GDPR, I found even in Indian Government came up with Digital Personal Data Protection (DPDP) Act, 2023 🇮🇳🫡. So if you are building within India read : Here

  • I would like to Thank Sunny Sir, he asked me some good questions on GDPR and I wasn't able to answer them. I learned not to hear a word and accept the explanation told by people. Maybe google it once!


If you liked this content you can follow me or on Twitter at kitarp29 for more!

Thanks for reading my article :)

Top comments (1)

Collapse
 
janvithakkar profile image
Janvi Thakkar

Awesome info @kitarp29