Compliance

Data manipulation is becoming increasingly regulated around the world. Get to know the most important laws, regulations and recommendations regarding the privacy of data manipulated through mobile devices and applications. For more information on how your company can comply, talk to one of our experts.
Contact us

European Regulations

ISO 27001:2022

ISO 27001 is an internationally recognized standard for information security management systems (ISMS). It states that any information stored on, processed by, or accessible…

GDPR

The GDPR is a European personal data privacy regulation that applies to any organization doing business in Europe, regardless of its physical location…

NIS2

The NIS2 Directive is an EU regulation that aims at protecting essential and important entities against cyber threats. It requires organizations that are part of industries identified…

DORA

DORA is an EU regulation aimed at ensuring the financial sector can remain resilient in the face of major operational disruptions. It sets technical standards for all financial…

PSD2

PSD2 is an EU directive designed to regulate payment services and encourage innovation in the financial sector. It applies to banks, payment service providers (PSPs), and any company…

DPA

The DPA is the United Kingdom’s data protection legislation. After Brexit, it replaced the GDPR in the UK and largely mirrors its principles. Mobile data processors and controllers operating…

North American Regulations

HIPAA

HIPAA is a U.S. regulation that protects the privacy and security of individuals’ health information (PHI). It specifically safeguards the confidentiality of patients and health plan subscribers’ medical data…

CISA's Mobile Device Cybersecurity Checklist

The Cybersecurity and Infrastructure Security Agency (CISA) provides a checklist to help individuals and organizations strengthen the security of their mobile devices. The checklist…

PIPEDA

PIPEDA is Canada’s federal privacy law governing the collection, use, and disclosure of personal information in commercial activities. Mobile applications and services operating in…

FTC Act

The FTC Act grants the U.S. Federal Trade Commission (FTC) the authority to enforce fair business practices and protect consumer privacy. The Commission enforces even stricter…

International Standards & Cybersecurity Frameworks

PCI DSS

The PCI Security Standards Council is a global organization that maintains, evolves, and promotes security standards for organizations handling credit card data. It explicitly requires…

SOC2

SOC 2 is a standard developed by the American Institute of Certified Public Accountants (AICPA) to assess how well service providers manage data security, availability, processing…

European Regulations

ISO 27001 2022

PSD2 is an EU directive designed to regulate payment services and encourage innovation in the financial sector. It applies to banks, payment service providers (PSPs), and any company handling financial data. For mobile applications offering payment services such as banking apps, mobile wallets, and shopping apps with payment features PSD2 mandates strong customer authentication and secure data transmission.

GDPR

PSD2 is an EU directive designed to regulate payment services and encourage innovation in the financial sector. It applies to banks, payment service providers (PSPs), and any company handling financial data. For mobile applications offering payment services such as banking apps, mobile wallets, and shopping apps with payment features PSD2 mandates strong customer authentication and secure data transmission.

NIS2

PSD2 is an EU directive designed to regulate payment services and encourage innovation in the financial sector. It applies to banks, payment service providers (PSPs), and any company handling financial data. For mobile applications offering payment services such as banking apps, mobile wallets, and shopping apps with payment features PSD2 mandates strong customer authentication and secure data transmission.

DORA

DORA is an EU regulation aimed at ensuring the financial sector can remain resilient in the face of major operational disruptions. It sets technical standards for all financial entities including banks, insurers, and asset managers regarding their digital infrastructure and risk management. Under DORA, financial institutions must establish strong IT risk management systems, define incident response mechanisms, and implement application testing and third-party risk monitoring. Even software components sourced from external libraries remain the company’s responsibility. DORA requirements vary based on the entity’s size, risk profile, and services. Critical IT third-party providers are subject to enhanced oversight by European Supervisory Authorities.

PSD2

PSD2 is an EU directive designed to regulate payment services and encourage innovation in the financial sector. It applies to banks, payment service providers (PSPs), and any company handling financial data. For mobile applications offering payment services such as banking apps, mobile wallets, and shopping apps with payment features PSD2 mandates strong customer authentication and secure data transmission.

DPA

The DPA is the United Kingdom’s data protection legislation. After Brexit, it replaced the GDPR in the UK and largely mirrors its principles. Mobile data processors and controllers operating in the UK must comply with the DPA to ensure the lawful and secure processing of personal data. This law can lead to fines in case of non-compliance. For example, the credit reporting agency Equifax was fined £500,000 over its 2017 data breach by the UK Information Commissioner’s Office.

North American Regulations

HIPAA

HIPAA is a U.S. regulation that protects the privacy and security of individuals’ health information (PHI). It specifically safeguards the confidentiality of patients and health plan subscribers’ medical data. Medical and hospital applications access highly sensitive information, including personal data (contact details, social security numbers, insurance IDs), medical records, prescriptions, and doctors’ notes. With the rise of telehealth, even online consultations are stored. Handling such data brings serious responsibilities under privacy and security laws like HIPAA.

CISA’s Mobile Device Cybersecurity Checklist

The Cybersecurity and Infrastructure Security Agency (CISA) provides a checklist to help individuals and organizations strengthen the security of their mobile devices. The checklist covers key areas such as device configuration, network connections, software updates, application security, data protection, mobile device management (MDM), phishing, and social engineering.

PIPEDA

PIPEDA is Canada’s federal privacy law governing the collection, use, and disclosure of personal information in commercial activities. Mobile applications and services operating in Canada must comply with the Act, which grants individuals certain rights over their personal data and requires organizations to protect it with appropriate security measures.

FTC Act

The FTC Act grants the U.S. Federal Trade Commission (FTC) the authority to enforce fair business practices and protect consumer privacy. The Commission enforces even stricter regulations for sectors such as health, insurance, and finance. Also applying to organizations that develop mobile applications, the FTC Act ensures that businesses provide accurate and transparent information about data collection and protection.

International Standards & Cybersecurity Frameworks

PCI DSS

The PCI Security Standards Council is a global organization that maintains, evolves, and promotes security standards for organizations handling credit card data. It explicitly requires all merchants using mobile payments to protect cardholder data by maintaining a secure environment. PCI DSS notes that mobile devices are not inherently secure and must be reinforced with additional protection measures.

SOC 2

SOC 2 is a standard developed by the American Institute of Certified Public Accountants (AICPA) to assess how well service providers manage data security, availability, processing integrity, confidentiality, and privacy. It applies to technology and cloud-based companies that store or process customer data, including on mobile applications. SOC 2 requires strict internal controls and regular audits to ensure data protection and operational transparency.

Solutions

Mobile Device Security

Application Security

Use cases

Resources

Company

General Conditions of UseLegal MentionsPersonal data protection policy

The contents published on Pradeo's website, and especially on its blog, prevail over all reproductions and / or quotes published on any third-party media supports. Therefore, Pradeo disclaims all responsibility for all terms, definitions, turns of phrases, expressions and interpretations that may be used or made by any third-party media or any third-party media supports.

Linkedin Youtube
Scroll to Top