Sequential recommendation techniques are considered to be a promising way of providing better user experience in mobile commerce by learning temporal interests within historical user interaction behaviors. However, the recently increasing focus on privacy concerns, such as the General Data Protection Regulation (GDPR), can significantly affect the deployment of state-of-the-art sequential recommendation techniques, because the user behavior data are no longer allowed to be arbitrarily used without the user’s explicit permission. This paper proposes a novel sequential recommendation technique, namely DeepRec, which invents an on-device deep learning framework of mining interaction behaviors for recommendation without sending any raw data or intermediate results out of the device, preserving user privacy maximally. DeepRec constructs a global model using data collected before GDPR and fine-tunes a personal model continuously on individual mobile devices using data collected after GDPR. DeepRec employs the model pruning and embedding sparsity techniques to reduce the computation and network overhead, making the model training process practical on computation-constraint mobile devices. Evaluation results over a widely-adopted publicly released user behavior dataset from Taobao, which contains around a million users and 72 million clicks, show that DeepRec can achieve comparable recommendation accuracy to existing centralized recommendation approaches with small computation overhead and up to 10x reduction in network overhead.