Understanding the General Data Protection Regulation and how it applies to mobile applications serving EU users.
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs how organizations collect, store, and process personal data of individuals in the European Union.
Any mobile app that processes personal data of EU residents must comply with GDPR, regardless of where the company is based. This includes requirements for consent, data security, and user rights.
Maximum fine: €20M or 4% of global revenue
Breach notification: required within 72 hours
Core principles that must guide mobile app data processing
Personal data must be processed lawfully, fairly, and transparently.
Data must be collected for specified, explicit, and legitimate purposes.
Only collect data that is necessary for the specified purposes.
Personal data must be accurate and kept up to date.
Data should not be kept longer than necessary.
Ensure appropriate security of personal data.
Rights your app must support for EU users
Users can request a copy of their personal data.
Users can correct inaccurate personal data.
Users can request deletion of their data.
Users can receive their data in a portable format.
Users can object to certain data processing.
Users can limit how their data is processed.
Scan your mobile app for GDPR compliance issues including data storage, consent mechanisms, and privacy controls.