Next May, Europe’s data protection rules will undergo a major overhaul. The existing Data Protection Act (DPA) will be replaced by the European Union’s (EU) General Data Protection Regulation (GDPR), a framework that will change how businesses and public sector organizations can handle customers’ personal data – with much tougher punishments for those who fail to abide by the new rules.
The GDPR is meant to unify data protection for all individuals within the EU, as well as address the export of personal data outside of Europe. It aims to return the control over personal data to European nationals and residents and to simplify the regulatory environment in which international business is conducted.
Once implemented, the new regulation will be binding on all companies processing and holding personal data of people residing in the European Union, regardless of the company’s location. This includes mobile apps. Businesses will have to prove they have made the necessary changes to protect user data, or face hefty fines for noncompliance – 20M Euros or 4% of their annual profit. What’s more, mobile apps found to be noncompliant run the risk of being banned from app stores; a risk no business should be willing to take.