Cupid is struggling. For over 2000 years, he has been spreading love all over the world with his arrows. His success ratio was unprecedented and for centuries, mankind - and a statue in the Louvre - willingly put him in the limelight. Today, however, people seem to have more faith in dating apps than in the god of love. He can't blame them: after all, finding your true love by "swiping" is less painful than having your heart pierced by a golden arrow.

Cupid realises that it's time to modernise his sole proprietorship and decides to develop his own dating app called "Cupid's Arrow". This turns out to be easier said than done: during a general search ("how do I start a dating app") Cupid discovers that he has to make sure his dating app is GDPR compliant. GDPR? He hears the rumble of thunder in Olympus. Fortunately, Cupid can count on the legal advice of Minerva.

To develop a dating app, this is what you have to do:

• Together with Minerva, Cupid makes an outline of his dating app and does an impact analysis. What exactly should that app be capable of? What personal data is required for this purpose? And will it process any sensitive data? If so, Cupid will also need consent. Unfortunately, the GDPR does not provide for an exception for mythological love gods.
• Coincidentally, Cupid recently helped the CEO of the Indian IT company "Trojan Horse" in finding his true love. In return, Trojan Horse will develop the app. However, in that case, Cupid must conclude a contract with them in the form of the European Commission's standard contractual clauses for the transfer of personal data to a processor established outside the EEA. Love connects many things, but apparently not international transfers of personal data.
• In any case, Trojan Horse must enable to include a privacy statement in the app. And for the users’ sake, this privacy statement should not be in Latin!
• Cupid would like to collaborate with "Paris & Helena", his mother Venus’ dating agency. Merging the two databases would increase the success ratio of Cupid's Arrow exponentially. This is not an easy task from a GDPR perspective. They will need the consent of the clients of "Paris & Helena" (something the mythological gods didn't take very seriously in the past) and the cooperation also requires a clear allocation of responsibilities between Cupid and Venus.
• Finally, since Cupid's main activity will be to process sensitive data on a large scale, he must also appoint a Data Protection Officer (or "DPO"). Fortunately, his colleague Mercury has just completed a DPO course. He also ensures that the app is included in Cupid’s record of processing activities.

With this all taken care of, Cupid's Arrow will be GDPR-compliant and ready to go live on 14 February.

And what about cookies on the Cupid's Arrow app? Keep an eye out for our next Privacy Talk!