The General Data Protection Regulation (GDPR) was created by the European Commission and Council to strengthen and unify Europe's data protection law, replacing the 1995 European Data Protection Directive. Although the GDPR is a European Union (EU) regulation, it applies to any organization outside Europe that handles the personal data of EU citizens. This includes the development of applications that are intended to process the personal information of EU citizens. Therefore, organizations that provide web applications, mobile apps, or traditional desktop applications that can directly or indirectly process EU citizens' personal data, or that allow EU citizens to sign in, are subject to the GDPR privacy obligations. Organizations face the prospect of powerful sanctions should their applications fail to comply with the GDPR.

This three-part article summarizes the GDPR and explains how privacy regulation impacts and applies to the development and support of applications intended to be used by European Union citizens. Part 2 explores how to integrate privacy risk evaluation and mitigation within the software development lifecycle, and Part 3 provides practical application development techniques that can alleviate an application's privacy risk.

Written for IBM developerWorks, the guidance is in three parts:

Part 1 - A Developer's Guide to the GDPR

Part 2 - Application Privacy by Design

Part 3 - Minimizing Application Privacy Risk
