The General Data Protection Regulation (GDPR) was adopted by the European Parliament and the Council to strengthen and unify Europe's data protection law, replacing the 1995 Data Protection Directive (95/46/EC). Although the GDPR is a European Union (EU) regulation, it applies to organizations outside Europe that process the personal data of people in the EU (its territorial scope covers data subjects in the EU, not only EU citizens). This includes developing applications that are intended to process that personal data. Organizations that provide web applications, mobile apps, or traditional desktop applications that process the personal data of people in the EU, even indirectly, or that allow people in the EU to sign in, are therefore subject to the GDPR's privacy obligations, and face significant sanctions if those applications fail to comply.
This three-part article summarizes the GDPR and explains how the regulation applies to the development and support of applications used by people in the EU. Part 2 explores how to integrate privacy risk evaluation and mitigation into the software development lifecycle, and Part 3 provides practical application development techniques that reduce an application's privacy risk.
Written for IBM developerWorks, the guidance is in three parts:
Part 1 - A Developer’s Guide to the GDPR - https://www.ibm.com/developerworks/security/library/s-gdpr1/
Part 2 - Application Privacy by Design - https://www.ibm.com/developerworks/security/library/s-gdpr2/
Part 3 - Minimizing Application Privacy Risk - https://www.ibm.com/developerworks/security/library/s-gdpr3/