On 16 April 2015, the National Directorate of Personal Data Protection Order 18/2015, including a Guide to good privacy practices for the development of applications, entered into force following the publication in the Oficial Bulletin. The Order outlines the data protection requirements that apply to the application developers and providers, including software programs. In particular, the Order specifies that application developers and providers have to comply with the principles of privacy, including obtaining the data subject's consent, processing the data in accordance with the purpose specified when the data was collected, and ensuring data quality and security. The Order outlines the privacy requirements that apply to applications, including eight basic steps to develop data security policies, including following privacy by design, privacy by default and using privacy-enhancing technologies. Furthermore, the Order specifies that entities are required to develop a privacy policy and outlines the information that has to be specified and clarifies that cloud storage is considered an international data transfer, and the entities have to comply with the data transfer requirements. Finally, the Order outlines data protection measures that have to be implemented if children use the applications.
Original source