With all the commotion about internet safety, the question is raised: am I respecting the privacy of my users enough? Looking back a few decades, one could certainly say we have made some great steps in protecting data from both unauthorized visitors and the big internet corporations; the latter being enforced not too long ago with the implementation of the new GDPR.

A lot of companies still have to get used to this idea. Many companies and freelancers are not compliant with GDPR to the full extent. This usually has to do with the sheer size and vagueness of this whole regulation. Right now this does not yet pose too big of an issue, since the enforcement is also something that is still in its infancy. However, it will not take long before the regulation starts to take shape.

We would like to offer you a few tips to improve your compliance with the GDPR.

Don't save what you don't need

This might sound obvious, but many online platforms still collect a great abundance of user data, whereas only a very tiny part is actually used. User data is always sensitive, so if someone unauthorized got access to it, it could have a great negative impact on your users, and in effect on you. Saving less data will also save you a couple of paragraphs in your privacy policy. An extra step to always take while developing a new application or extending an existing one is to ask the question: "Do we really need this information now or in the future?" Even before the GDPR this was a smart step to take.

Clean up your existing (old) databases

What many people fail to realise is that the GDPR works with a retroactive effect. This means you most likely have sensitive data lying around that you aren’t even fully aware of. Don’t just check what you’re currently working on, but also look in the dusty parts of your application. There’s no excuse for not knowing what you know; that just reeks of bad organisation.

Check your second and third party privacy statements

If you work with third- or second-party services, and any user data is shared with them in whatever way, you should make sure they are fully compliant as well. It is your full responsibility to check this. They might be the ones at fault, but effectively you are responsible for the data of your own end users.

Don’t be evil

Google’s old motto. It’s questionable whether they still live by it, but the motto is something we should appreciate. It’s looking at the issue at hand from a different perspective. It’s not about a list of rules you have to check and/or implement. It’s about creating a safer and more reliable online environment for everyone.