Security & Privacy

How to turn a GDPR Compliant App


This section explains how you can turn your app GDPR Compliant. After completing this guide, step-by-step, you will be safe and able to store European Data in your application without breaking any rules in your backend.


To get started with this tutorial, you will need:

  • An account created in Back4App.
  • An app that you want turn GDPR Compliant. Don’t you have any apps yet? Create a New App

What is GDPR?

The GDPR - General Data Protection Regulation is an extensive new European law that mandates how companies can collect, store, delete, modify, and otherwise process the personal data of EU citizens. The GDPR was adopted on 27 April 2016 and becomes enforceable from 25 May 2018, after a two-year transition period. The GDPR will substitute the EU Data Protection Directive, also known as Directive 95/46/EC, and is intended to standardize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state. It applies to any company that processes the personal data of EU citizens, irrespective of whether it has any physical presence in the EU, or even whether it has any EU customers. Companies are also required to pass these obligations down to all of their vendors who may also handle the personal data of EU citizens anywhere in the world.

What are the penalties for non-compliance?

Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach, or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors – meaning ‘clouds’ will not be exempt from GDPR enforcement.

Back4App as data controller

Back4App will act as a data controller when it determines the purposes and means of the processing of personal data. Some examples are: (I) When we store data regarding account registration, administration, services access. (II) When were store data regarding support activities.

How can you be GDPR compliant?

1 - Complete the Addendum by signing and providing the Customer’s full legal entity name, address and signatory information;

Download DPA (PDF)

2 - Submit the completed and signed Addendum to Back4App via email to [email protected].

In this email, you must also mention the app(s) that you want to turn GDPR Compliant.

Take a look at the Back4App GDPR Page for extra information.