The European Union General Data Protection Regulation (GDPR) goes into effect on May 25th, 2018.
From a technical perspective, brainCloud provides a solid foundation for building GDPR-compliant apps. brainCloud does not utilize, aggregate or mine any app and/or end-user data - and we don't share this data with any third parties.
When an end-user account is deleted (via the DeleteUser() function), it is fully deleted from brainCloud - no trace of that user remains in our system.
That said, building upon brainCloud alone is not enough. You as an app developer must ensure that your app treats end-user data in compliance with the GDPR, and implements the necessary features for complying with the rules.
Here are a few tips for ensuring that your brainCloud app is GDPR-compliant:
- Don't store more end-user data than your app requires.
- Keep the personal information that you store about a user in user-entities which can easily be made available to users that enquire. brainCloud's User Monitoring features make viewing and retrieving this data simple.
- Ensure that your end-users have access to a delete account function. This function should call the brainCloud DeleteUser() function - which completely deletes the user's account, removing with it the users email, push notification tokens, anonymous and authenticated credentials, user entities, group relationships, leaderboard entries, etc.
- You may need to write a script to delete any global data (via Global Entities) or offboard data that your app may store about a user. Consider hooking this script up to brainCloud via a Post-Hook to the DeleteUser() function so that you can be sure that it gets called automatically after DeleteUser() completes.
- Ensure that any communications between your app and other servers (via cloud code or directly from your app) is encrypted and secure. [All built-in brainCloud integrations use encrypted communications.]
Here are some useful GDPR references:
Your feedback is important to us. Please rate this response below. Thanks!