Firstly, I want to thank you so much for providing such help. It is really valuable.
I would like to ask you about the following.
I have a mobile application (Notes & todo lists) running on Android that stores & processes data.
- This data could be personal or personally identifiable.
- The app stores the data on the user's device in the app folder that is accessible by the user only.
- We do not collect or store any data in the cloud.
- The app also has Google ads. Users are informed and have to give consent before using the app.
- There is no requirement for sign up or requests for email, name, passwords, financial information etc.
- Data stored (because it is a notes app) can be personal interests, schedules, names, numbers etc.
What I would like to know:
Considering the app above:
1. If I do not encrypt the data stored in the device, am I in breach of GDPR?
2. Do I need to appoint an EU Data Protection representative?
3. Does the GDPR really apply to this application since there is no collection of data and only the user has access to it?
Thank you so much for your help.