GDPR and How Mobile Should Prepare


It’s not just the EU that needs to worry — GDPR will affect developers at a global level

The European Union's GDPR, which takes effect on May 25th, 2018, reaches well beyond the EU's own borders. For mobile developers worldwide it means a new set of rules governing how the personal data of people in the EU is captured, stored, and managed. It is important to be prepared, because the fines and penalties for a misstep are designed to hurt.

Let’s jump into the details.



What is the GDPR?

GDPR, or General Data Protection Regulation, is an EU law designed to strengthen privacy and protect personal data for individuals across all EU member states. At its core, GDPR introduces rules that give people control over their data and knowledge of how it is being used; note that it protects individuals who are in the EU regardless of their citizenship. It also aims to simplify the regulatory environment so that both individuals and businesses can fully benefit from the digital economy.


Some of the key privacy and protection requirements include:


  1. Requiring a lawful basis, such as the data subject's consent, for any processing of personal data
  2. Pseudonymizing or anonymizing collected data to protect privacy
  3. Providing data breach notifications (to the supervisory authority within 72 hours, and to affected users when the breach puts them at high risk)
  4. Regulating transfers of personal data outside the EU so that it stays protected
  5. Requiring certain companies to appoint a data protection officer to oversee GDPR compliance


GDPR goes into effect on May 25th, 2018, and carries stiff penalties for organizations that do not comply.

GDPR Will Affect U.S. Companies


If your company or organization collects or processes the personal data of people in the EU, you will be required to follow these regulations, including those listed above. Your team will be on the hook to establish a lawful basis (typically consent) before collecting additional personal data, and must offer users a clear means of accessing and deleting their records upon request.


If your company fails to meet the regulations, be prepared for a possible EU-imposed fine. GDPR reaches U.S.-based businesses in two ways:


  1. U.S. companies with a physical presence (an "establishment") in the EU: GDPR can be enforced directly against them by the supervisory authority of the relevant member state.
  2. U.S. companies without a physical presence in the EU: GDPR requires most of them "to designate a 'representative' located in the EU." The exemption is narrow (occasional, low-risk processing that does not involve sensitive categories of data), so the 250-employee threshold sometimes cited, which actually concerns record-keeping duties, does not by itself let a company off the hook.


The reality is that this won't apply to every U.S. company or organization, only those offering goods or services to people in the EU or monitoring their behavior, and app analytics count as monitoring. A single EU visitor landing on a U.S. website is not enough; EU supervisory authorities and courts look at whether the company was deliberately targeting or tracking EU residents while sidestepping GDPR.


If your team is unsure of how to broach GDPR, Microsoft has put together a guide to assess your team's GDPR readiness.



GDPR for Mobile Apps

Because GDPR defines "personal data" as any information relating to an identified or identifiable individual, many mobile apps stand to be affected. Names, phone numbers, and addresses count, but so do usernames, device and advertising identifiers, IP addresses, and location data; publishers are responsible for the full array of user data at their disposal.


Application owners must be transparent with their users about what personal and usage data they store, how, and why. By May 25th of this year, EU users must have been told this in plain language, a measure regulators describe as a first step in data security.


As an additional measure of security, publishers will be responsible for knowing where sensitive data flows and who can reach it, digitally or physically. Keeping records of processing activities and maintaining reliable, tamper-resistant access logs will be essential, both for demonstrating compliance and for investigating a breach.


The many regulations mandated by GDPR have the benefit of lining up with Shockoe's existing best practices. Data security in an age of rising cybercrime means that the responsibility of securing sensitive information falls into the hands of developers. Any data exchanged between a mobile app and its server should be encrypted in transit (TLS with certificate validation left on, never disabled for convenience), and sensitive data cached on the device should be protected at rest using the platform keystore; this is a position Shockoe always stands by with its clients.


Ready to Prep for GDPR?

Here are a few things for your company to consider regarding your mobile technology before GDPR takes effect in spring 2018:


  1. Determine which data your team actually needs, and stop collecting the rest (data minimization)
  2. Inform users what you collect and why, and obtain consent where consent is the basis for storing their data
  3. Respond to user access, correction, and deletion requests in a timely manner (GDPR gives you one month)
  4. Encrypt user data, in transit and at rest
  5. Notify your supervisory authority of a breach within 72 hours, and affected users promptly when the breach puts them at high risk
  6. Know your technology and potential weak links, and address them with urgency
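The minimization, pseudonymization and logging points above come together in the following added example, which is not code from the original article or from Shockoe. It is a small server-side store for events sent by a mobile app: fields not on a per-purpose allowlist are dropped on ingest, the user identifier is replaced by a keyed HMAC pseudonym, and every ingest, export or erasure is written to a hash-chained audit log that can be verified later. The purposes, field names, sample event and key are constructed for illustration; it uses only the Python standard library.

```python
"""Added example (not from the original article): minimization, keyed
pseudonymization and a hash-chained audit log for mobile-app event data.
Standard library only; purposes, fields and sample records are constructed."""
import hashlib
import hmac
import json
import time
from typing import Dict, List


# Hypothetical per-purpose allowlists. Anything not listed for the purpose
# is dropped on ingest, so a noisy SDK cannot smuggle e-mail or GPS in.
ALLOWED_FIELDS = {
    "crash_report": {"app_version", "os_version", "stack_hash"},
    "usage_analytics": {"app_version", "screen", "duration_ms"},
}

GENESIS = "0" * 64  # chain anchor for the first audit entry


def _digest(entry: Dict) -> str:
    # Canonical JSON so the same entry always hashes the same way.
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


class PseudonymizingStore:
    def __init__(self, pseudonym_key: bytes):
        # Keep this key in a KMS/HSM, separate from the records. Destroying
        # it makes the stored pseudonyms unlinkable ("crypto-shredding").
        self._key = pseudonym_key
        self.records: List[Dict] = []
        self.audit_log: List[Dict] = []
        self._prev_hash = GENESIS

    def pseudonym(self, user_id: str) -> str:
        # Keyed HMAC rather than a bare hash: without the key nobody can
        # recompute the value from a guessable user id, yet the controller
        # can still link a subject's records. That is pseudonymization, not
        # anonymization, so the output is still personal data under GDPR.
        return hmac.new(self._key, user_id.encode(), hashlib.sha256).hexdigest()

    def _log(self, action: str, subject: str, detail: str) -> None:
        entry = {"ts": time.time(), "action": action, "subject": subject,
                 "detail": detail, "prev": self._prev_hash}
        entry["hash"] = _digest(entry)  # digest covers "prev", forming the chain
        self._prev_hash = entry["hash"]
        self.audit_log.append(entry)

    def ingest(self, purpose: str, user_id: str, raw_event: Dict) -> Dict:
        if purpose not in ALLOWED_FIELDS:
            raise ValueError(f"no allowlist for purpose {purpose!r}")
        kept = {k: v for k, v in raw_event.items() if k in ALLOWED_FIELDS[purpose]}
        record = {"purpose": purpose, "subject": self.pseudonym(user_id), **kept}
        self.records.append(record)
        self._log("ingest", record["subject"], purpose)
        return record

    def export_for(self, user_id: str) -> List[Dict]:
        # Access request: everything held about this subject.
        subject = self.pseudonym(user_id)
        found = [r for r in self.records if r["subject"] == subject]
        self._log("export", subject, f"{len(found)} records")
        return found

    def erase(self, user_id: str) -> int:
        # Erasure request: returns how many records were removed.
        subject = self.pseudonym(user_id)
        before = len(self.records)
        self.records = [r for r in self.records if r["subject"] != subject]
        removed = before - len(self.records)
        self._log("erase", subject, f"{removed} records")
        return removed

    def verify_audit_log(self) -> bool:
        # Recompute the chain; any edited, removed or reordered entry breaks it.
        prev = GENESIS
        for entry in self.audit_log:
            body = {k: v for k, v in entry.items() if k != "hash"}
            if body["prev"] != prev or _digest(body) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


if __name__ == "__main__":
    store = PseudonymizingStore(b"demo-key-use-a-kms-in-production")
    raw = {"app_version": "3.1.0", "screen": "home", "duration_ms": 1200,
           "email": "someone@example.com", "gps": [37.54, -77.44]}  # constructed
    print(store.ingest("usage_analytics", "user-42", raw))
    print(store.export_for("user-42"))
    print("erased:", store.erase("user-42"))
    print("audit log intact:", store.verify_audit_log())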

If it's worth stating, it's worth restating: fines can reach up to 4% of global annual turnover or €20 million (roughly $23 million), whichever is higher. With fines this high, organizations risk severe penalties and even catastrophic failure, which shows how seriously the EU is taking consumer privacy through GDPR.

Such a drastic shift in data regulation can be daunting and confusing. There are many variables at play and potentially high consequences for missing one. If you work for a U.S.-based organization, give us a call or send us an email; we'll be glad to guide you through the required changes or discuss your specific needs.


Design Tips to Increase Satisfaction in Banking Apps – Part 1 of 2


Retail banking consumers now prefer their mobile devices over any other way of interacting with their bank, which makes the mobile app a primary component of overall customer satisfaction. With customers able to switch providers the moment they are dissatisfied, banks need to place extra emphasis on keeping them happy and loyal. This starts with giving customers the best tools available and a user experience that lets them access and navigate their banking needs without difficulty. Read on for our design tips for banking apps.


For the first section of this two-part series, we will cover examples of best practices that we have seen play a role in facilitating engagement and improving the user experience.

Any questions surfacing as you read? Give us a ring! You can always connect with us here.


Search & Navigation Part 1

Content Part 1

Guidance Part 2, coming soon

Privacy & Security Part 2, coming soon

Appearance Part 2, coming soon



Search & Navigation


According to J.D. Power, ‘Ease of Navigating’ is the key differentiator among top-performing mobile banking apps. If a consumer can find what they need in the app, this often yields a happy customer. This satisfaction can also impact bank operations by reducing calls to support centers with potentially aggravating wait times.


Let’s jump head first into some easily-executed ideas to help improve your app’s search & navigation as early as today.


Easy Login


Biometric logins such as fingerprint, face, or voice make it easier for a client to get into their account. Done right, the biometric only unlocks a credential held in the device's secure keystore: the biometric template never leaves the device, and the server still authenticates the app with a proper session token rather than trusting a "biometric passed" flag.


Personalization Capabilities


Some banks let users customize the application to their needs, so each visit addresses what matters to that user.


Using Navigation Icons with Label


Icons are meant to be universally recognized, but in many cases they are not. It is always a safe bet to put a label next to the icon for clarity.



Use Plain & Simple English


Avoid using branded names that might be intuitive to your company, but not to a user. In short: use plain English when possible.




Transaction History Search


Most banking apps default to filtering transaction history by date. Giving the user the ability to search their account is one more way to facilitate finding that specific transaction they have in mind.



Appwide Search


Few banks offer app-wide search to locate features and information. It might be just what your clients need to discover features they did not know existed.



Clear ‘Back’ Access


Avoid using a home icon or a cancel button in place of a back button.



Autofill/Type-Ahead Searching


We continue to be surprised by the number of banks that do not make use of this simple yet effective interaction. Your customers will be thrilled when you implement it.




Content


The content that users access in-app should be concise, easy to find, easy to understand, and help them reach their goals. Simple, right? Here are a few ideas:


Key Information Front and Center


Some applications give users the choice to view their account balances before login. Treat this as an opt-in, device-bound convenience that exposes nothing beyond the balance and that the user can revoke from a logged-in session.




Helpful Services


Provide customers with additional services that could help them reach their financial goals.




Real-Time Alerts


Use real-time alerts to keep customers informed on important account updates such as direct deposits, personal information changes, and bill due dates.




Avoid Hiding Information


Some banks hide interest rates behind an extra tap or elaborate application process. Be nice to customers and let them know what they need to know.




Avoid Jargon-Heavy Content


Avoid words such as Debit, Payee, APR — instead use Withdrawal, Recipient, Interest Rate.





Editor’s note: 

We know you’re thirsty for more. Part 2 will be coming very soon! While you wait, check out our latest thoughts on UX Strategy for Banks. 

Have any additional questions or want to discuss what Shockoe can do for you? Click here to connect with us. 

Adjustments to Your Bank’s UX Strategy


Among the sea of social media apps, news apps, and photo-book apps I use (I have three kids!) is my mobile banking app. I bank at a "traditional" or "retail" bank, meaning it has branches, versus an online-only bank. That being said, I never go to a branch. Anything I need to do I can do using my mobile banking app: check my transactions, transfer money between accounts, or deposit a check. Believe it or not, these things that users have come to expect from their mobile banking experience, I have had to figure out the hard way with my current mobile banking app. The user experience of my bank's app has never been truly intuitive, though it has gone through multiple iterations. Banking apps should not make it difficult for customers to complete basic tasks. By continuously putting user experience first and applying the following adjustments to your UX strategy, your bank can drive revenue through customer loyalty.


The first time I used Venmo, an app designed solely for people to be able to electronically send money, I immediately noticed the intuitiveness of the app. A few months after I started using Venmo, my bank came out with an identical feature. I could send money to friends or family no matter who they banked with. That’s as much as I know about it because the idea of using my bank’s clunky app for a task I found myself doing frequently seemed overwhelming, so I stuck with Venmo.


As FinTech companies continue to disrupt, develop, and innovate in mobile banking, it will come at the expense of market share for traditional banking institutions. The rising FinTech sector is making it easier for its customers to do more with their money.


At Shockoe we have advised our financial industry partners to consider two adjustments to their UX strategy as a result of this changing environment:


Implementing machine learning.


I, like many others, have predictable spending habits. I shop at the same places, I pay my mortgage, and I head to the grocery store at the same time. To keep an eye on my spending, I log into my banking app quite regularly.


The reason I point these things out is that this is all data the banks can use to make me a "stickier" client. I get random ads sometimes when I log into my account, but they don't appear as I take an action, nor are they personalized to me.


Banks are leaving a great opportunity to interact with their customers on the table. They could ask about unusual spending to improve security and, more importantly, learn about shifting habits, e.g. "It looks like you made a purchase at Wegman's last weekend; was that you?" The app then learns that this is now part of my purchase history and the model updates. Similarly, new products could be suggested when client data captures what looks like a night out: "Looks like you left the kids at home and recently went to the movies! Did you pay your babysitter with our easy system for sending money electronically?"


There should always be a way to turn these kinds of alerts off, but banks know so much about their users, and using machine learning capabilities is one way they can use that data to try to engage more with their clients.


Making banking apps more social. 


A big part of Venmo's popularity comes down to the fact that it has tapped into the special sauce of why social media is so popular and addictive: you can interact with people, keep up with their latest transactions, and see why they are sending or receiving money. Obviously, security and privacy are essential considerations in banking, and any sharing has to be strictly opt-in, but for people who are willing to share, this is another outlet for banks to engage their audience, encourage product use, and compete in an increasingly crowded FinTech industry.


Do people want to be able to brag about their savings account interest rate? What else are people comfortable showing off about their banking relationship? We work with our clients to run user group feedback sessions to find answers to questions like these. User feedback should be an essential consideration in designing an engaging user experience that extends beyond logging in and checking account statements.


Banking apps should no longer think of themselves as one-dimensional account statement viewing portals. FinTech will eventually edge them out of services such as peer-to-peer payments (Venmo) and machine learning (Mint), and potentially out of providing lucrative services at all. I am a project manager at Shockoe and I have worked with two large banking clients during my tenure here; these thoughts come from meetings with them and from our approach to helping them stay engaged with their user base and attract more users through their mobile app solutions. What's cool is that our clients know we work together to create mobile applications that people use, love, and remember, and that sometimes the problems are even solved by the project management team.