OK, I’ve done some more research. I was investigating GDPR anyway as I’m currently working on this (not the technical development but the general outline and connecting EU investors to this platform). A couple of things that are of interest:
- for me it was relevant that GDPR applies to individuals, NOT companies, so that basically sets us in the clear as we’re only working with companies
- for Blynk matters obviously lie differently. Your biggest concern is that EU citizen data must be stored on EU soil. I don’t know where your Blynk server(s) are, but that’s a rather essential one.
- next, GDPR applies to data by which an individual can be uniquely identified (e.g. e-mail address). So a MAC address seems to be fitting that category neatly, a local IP address not. It’s impossible to link someone to e.g. 192.168.1.83
- where stuff gets a bit fuzzy is the fact that I can retrieve my MAC address of my IoT devices and use these in Blynk: effectively storing them on the Blynk server. So whether there’s a big difference with the user collecting that data and storing it on your server or the app collects that data and stores it on the server… Another rather important part is that in your case you’ll also have to deal with companies using Blynk for end-users. If they make use of the Blynk server they have to close an agreement with you over the stored data of their end-users.
I have a rather big interest in this because I work with/coach/advise a LOT of start-ups and this is especially for start-ups the new pain. For one: has Blynk already employed a ‘data privacy officer’? It’s good that you don’t actually have to have someone like that employed, but can have such an officer on a ‘when required contract’, but it’s yet another time and money sink for start-ups…
Anyway, the final point is that these changes and ‘Blynk’ in general should be checked by such a (certified) officer. I don’t think you’ll have to worry too much over this initially as I cannot imagine that the EU starts squeezing start-up companies. The only risk you run (if you don’t comply) is a user or company (competition) with mal-intent.
This topic is derailing fast, so let’s keep it at this.