Next year the European Union’s new privacy guidelines GDPR (General Data Protection Regulation) will roll out and cover the handling of personal data. So these are the items to consider for your backlog.

Please note that most areas are already covered in the EU data protection directive. The GDPR adds a little bit on top of that and clarifies details.

1. The consent for the use of private data.The GDPR rules consent as specific, informed and unambiguous. You could identify that as explicit opt-in.
2. Control over personal dataSometimes coined as the right to be forgotten, the control over personal data is to an extent that the user must be able to delete the data about his person.
3. Information on personal dataIndividuals have the right to be informed on how the collected data is used and also which persons have access to their data.

The GDPR mentions and encourages the following techniques as possibilities.

• Encryption
• Anonymisation
• Pseudonymisation (for example through the use of tokens)

How does this influence app developers?

The importance of the GDPR goes far beyond the checkbox for consent. You have to consider it for analytics, APIs for accessing or exporting data and user hierarchies.

Setting the groundwork for GDPR compliance is not an option. May 2018 will show how the law will be executed.