A: Yes. Here’s a deep dive into how the Sensei Project Online Time Reporter App is GDPR compliant:
No personal user data is requested or fetched: Under GDPR, personal data may be fetched only with the consent of the end user. In the Sensei Project Online Time Reporter, we are NOT fetching any personal user data (not even the IP address) anywhere.
There is no sharing of data: The mobile app and Sensei do not SHARE personal user data. The mobile app does not ask for or fetch this type of data anywhere, so it retains no personal user data to share.
Data loss prevention: Again, the Sensei Project Online Time Reporter doesn’t store any personal user data other than user credentials, which are encrypted and stored in the keychain (iOS) and keystore (Android).
Complete transparency: GDPR dictates that there should be transparency while fetching user data and users should understand why the data is being requested. Again, in the Sensei Project Online Time Reporter we do not request or look for any personal data, so this point does not apply.
Heightened Secured APIs: The APIs used in the Sensei Project Online Time Reporter are completely secured and served over SSL (Secure Sockets Layer), which provides an encrypted link between the server and the mobile app. This ensures that data passed between the server and the mobile app remains private, hidden and secure.
Cookies are not saved: The Sensei Project Online Time Reporter does not have a web application, so we’re only generating cookies to connect the end user’s mobile app with their Project Web App through REST services. The cookies generated are private and are destroyed once the mobile app receives a response from Project Web App.
More information on GDPR compliance can be found here: https://www.microsoft.com/en-us/trustcenter/privacy/gdpr/solutions