The General Data Protection Regulation (GDPR) was big news for companies when it came into effect in 2018. It aimed to put more controls on how organizations manage the personal data of their EU-based users. Since the law’s enactment in 2018, some US states, such as California and Virginia, have followed suit and passed their own data privacy laws for their respective residents. Companies that do business in those regions now have to ensure they comply with these legal requirements.
This post is the third in a series about what developers need to keep in mind when sorting out security and compliance for their application. The first article in this series covered how to build security for user communications, the second was about compliance certifications and regulations for SaaS apps, and this one is all about GDPR and customer communications. GDPR and similar regulations cover all communications from a company to its customers and prospects, including marketing and transactional notifications. If you are considering sending notifications to the users of your SaaS application, whether via email, push, or a Slack bot, you need to keep GDPR in mind when building your service.