Apple today told developers that it is offering a set of tools to help them fulfill data requests made by users in the European Union or other places around the world to comply with the General Data Protection Regulation (GDPR) that goes into effect in May.
Following the implementation of the GDPR developers will need to comply with customer requests for accessing, managing, restricting, and deleting data. To facilitate this, Apple says developers can let users manage data that's associated with an app and stored in iCloud by using native APIs and Web APIs.
You can let users manage data that's associated with your app and stored in iCloud by using native APIs and Web APIs.
Providing User Access to CloudKit Data
Give users access to the data stored by your app on their behalf.
When a user requests a copy of the data associated with their Apple ID, it includes only the data that Apple maintains directly, such as documents in iCloud Drive. Data stored in third-party CloudKit containers are not included in any export that Apple provides. Developers should provide their own method for users to get a copy of data stored in their CloudKit containers.
Responding to Requests to Delete Data
Provide options for users to delete their CloudKit data from your app.
Apple too will be implementing new features to comply with the new European regulations. Starting in Early May, the company will introduce an updated Apple ID website that will allow users to download all of their data stored with the company.
Apple also plans to allow customers to use the site to correct personal information, disable Apple ID accounts, and permanently delete an Apple ID. These tools will be available in Europe first before expanding to other areas of the world.