Do you collect any data about your users?
Do you store data on your servers or in cloud?
Do you collect anonymous data?
What data are you collecting?
BE CAREFUL!
Anonymous data
Your system has some potential weak points, review it to ensure data anonymity. Ensuring non-linkability and avoiding re-identification is challenging and this needs to be constantly verified since technology and dataset availability are evolving rapidly.
The EU Commission’s advisory body suggests you should still protect anonymous data and consider them as personal data.
"The WP acknowledges the potential value of anonymisation in particular as a
strategy to reap the benefits of ‘open data’ for individuals and society at
large whilst mitigating the risks for the individuals concerned. However,
case studies and research publications have shown how difficult it is to create
a truly anonymous dataset whilst retaining as much of the underlying information
as required for the task."
(Article 29 Working Party)
BE CAREFUL!
You are storing data locally.
Storing data on devices or local memories simplifies your privacy related requirements, but is not a good security practice.
Storing data locally gives your user full control over their data so (usually) there is no need to inform Data Protection Authority about processing. However, you need to enforce security measures - like a strong enough encryption - to protect those data, which still will be unrecoverable if the device is lost or stolen.
Professional advice:
Storing data on a server will increase your privacy-related requirements, but will guarantee data security in case of malfunctioning, accidents, loss or theft. It will also make things easier for you and your users when they upgrade their device.
ATTENTION!
Personal data
It appears you are storing personal data. Those data are protected under GDPR, although with less stringent requirements.
Personal data are defined in the GDPR as follows:
"Personal data is (...) any information relating to an identified or identifiable
natural person (‘data subject’); an identifiable natural person is one who can be
identified, directly or indirectly, in particular by reference to an identifier such
as a name, an identification number, location data, an online identifier or to one
or more factors specific to the physical, physiological,genetic, mental, economic,
cultural or social identity of that natural person."
(extract from art.4(1))
When it comes to personal data, the technical measures you need to take are less stringent than for sensitive data. However, you may still want to protect it securely.
ATTENTION!
Sensitive data
You are collecting and managing highly sensitive data that must be protected effectively. According to current EU privacy laws, managing sensitive data imposes special security requirements from both the administrative and technical points of view.
Article. 4(15) of the GDPR, defines "data concerning health" as: "personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status".
Besides that, sensitive data also include information regarding racial or ethnic origin, political opinions, religion or other beliefs, trade union memberships, biometrics which identifies a person, genetic, and information on offences or convictions.
ATTENTION!
Pseudonymous data
You store highly sensitive data without personally identifiable information, also known as pseudonymized data.
GDPR defines "pseudonymization" as follows:
"the processing of data in such a manner that the personal data can no longer be
attributed to a specific data subject without the use of additional information,
provided that such additional information is kept separately and is subject to
technical and organizational measures to ensure that the personal data are not
attributed to an identified or identifiable natural person"
(extract from art.4(5))
Pseudonymisation is considered a good security practice, but its implementation is not trivial. Although pseudonymous data does not directly reveal a user’s identity, they can still pose a threat: if stolen, this information can be combined with other data from external sources, which in the past has caused leaks of very sensitive information.
ATTENTION!
Potentially sensitive
You are storing data that might be considered sensitive. Data in this category has to be assessed on a case-by-case basis.
Art. 4(15) of the GDPR defines "data concerning health" as: "personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status". However, there are often grey areas, especially regarding well-being and fitness-tracking apps.
According to the current EU Data Protection Directives, data that could potentially disclose users' health status is considered potentially sensitive and additional security safeguards must be applied.