The European Union General Data Protection Regulation (GDPR) goes into effect on May 25th, 2018.
The brainCloud team has reviewed the requirements, and recently made changes to our Acceptable Use Policy, Privacy Policy, and Terms of Service to clarify our support for the new regulations.
From a technical perspective, brainCloud provides a solid foundation for building GDPR-compliant apps. brainCloud does not utilize, aggregate or mine any app and/or end-user data - and we don't share this data with any third parties.
When an end-user account is deleted (via the DeleteUser() function), it is fully deleted from brainCloud - no trace of that user remains in our system.
That said, building upon brainCloud alone is not enough. You as an app developer must ensure that your app treats end-user data in compliance with the GDPR, and implements the necessary features for complying with the rules.
Here are a few tips for ensuring that your brainCloud app is GDPR-compliant:
Don't store more end-user data than your app requires.
Keep the personal information that you store about a user in user-entities which can easily be made available to users that enquire. brainCloud's User Monitoring features make viewing and retrieving this data simple.
Ensure that your end-users have access to a delete account function. This function should call the brainCloud DeleteUser() function - which completely deletes the user's account, removing with it the users email, push notification tokens, anonymous and authenticated credentials, user entities, group relationships, leaderboard entries, etc.
You may need to write a script to delete any global data (via Global Entities) or offboard data that your app may store about a user. Consider hooking this script up to brainCloud via a Post-Hook to the DeleteUser() function so that you can be sure that it gets called automatically after DeleteUser() completes.
Ensure that any communications between your app and other servers (via cloud code or directly from your app) is encrypted and secure. [All built-in brainCloud integrations use encrypted communications.]
Here are some useful GDPR references:
Good luck!
Your feedback is important to us. Please rate this response below. Thanks!