As data, the new oil of the digital era continues to drive the economies around the globe, privacy and protection of data is in the spotlight. On 25 May 2018, The European Union led the pack by enforcing GDPR into full-effect, thereby making a milestone in data protection laws across the European Union (EU).
What is GDPR?
The General Data Protection Regulation (GDPR) is a control in the EU law aimed to standardize and strengthen citizen’s data protection rights across EU. It considers consumer to be the owner of the data, and organization has to obtain an affirmative consent from consumer to be able to use consumer’s data or allow consumer a right to delete it whenever consumer wishes to.
Who does it apply to?
What is Personal Data?
Personal data is at the heart of the GDPR. ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). The definition is quite broad now and includes identifiers such as genetic, biometric, health, ethnicity, financial standing, political opinions, IP Address etc.
Why is it necessary to adopt GDPR?
It is important to adopt GDPR to the fullest and avoid any breaches, as GDPR lays heavy financial penalties on non-compliant organizations. One also runs into a risk of loss of reputation. Further, Privacy by design is crucial for organisations also because it acknowledges the need to rethink cyber security processes. The threat of data breaches rises each year, and organisations have so far struggled to find effective solutions. Adopting a privacy by design approach will increase organization’s awareness of privacy and data protection issues, helping them identify and address vulnerabilities promptly.
What are the advantages of adoption of GDPR?
What it means for India & Indian companies?
The new law will have both direct and indirect impact on Indian business and India’s legal approach to privacy and data protection. Evidently as the new law kicked in, companies across the world have updated their consent terms and privacy policies – therefore, many of us in India are getting these notification, even though it is not necessary in India as yet. While most Indian organizations are unaffected by GDPR, some Indian sectors such as IT, the outsourcing industry and pharmaceuticals might be hit by the GDPR as they have operations in EU markets. Because of complexities involved in implementing GDPR, a new opportunity emerges for individuals and risk management companies to offer consulting and auditing services on GDPR. The new data protection framework being drafted under Justice Srikrishna Committee is likely to be influenced by the provisions under GDPR, and we may see similar need of data protection emerging for Indian businesses too.