
4 GDPR – General Data Protection Regulation Guidelines

Why in the news?

  • GDPR is applicable to all EU member states from May 2018

What is GDPR?

  • It is a comprehensive privacy and data protection law of the European Union, intended to protect the personal data of its people (residents and citizens, called data subjects) and to help them control how that data is collected, processed, shared and stored.
  • It requires companies (as data controllers and processors) to obtain “freely given, specific, informed and unambiguous” consent from data subjects for the circulation and use of their data. The GDPR also controls the export of this data outside the European Union.
  • Further, under the new regime a ‘record’ of consent must be maintained.

Key features of GDPR

General Data Protection Guidelines – GDPR

  • It establishes, in each member state, data protection authorities (DPAs), together with the European Data Protection Board (EDPB), to regulate and enforce the GDPR and resolve disputes. Firms are required to appoint a data protection officer (DPO) wherever applicable.
  • Data Protection Principles: Personal data should be processed according to the following six principles:
    • Processed in a lawful, fair and transparent manner
    • Collected only for specified, legitimate purposes
    • Adequate, relevant and limited to what is necessary
    • Accurate and kept up to date
    • Stored only for as long as necessary
    • Processed with appropriate security, integrity and confidentiality
  • Governance and Accountability: This requires maintaining and enforcing internal data protection policies and procedures, as well as documenting data breaches and their investigations. High-risk processing tasks require a Data Protection Impact Assessment (DPIA).
  • Data protection “by design” and “by default”: the design of future business operations and management workflows that handle data must be GDPR-compliant, and the default mode should be to collect only the personal data required for a particular purpose. Data storage should use the highest possible privacy settings by default and apply pseudonymisation or anonymisation.
  • Right to erasure of personal data: GDPR requires organizations to completely erase data from all repositories when (i) data subjects revoke their consent, (ii) a partner organization requests that the data be removed, or (iii) the service or contract terminates. Subject to some exceptions, data may be retained for certain legal reasons. The regulation also provides the right to be forgotten, the right to rectify data, the right to data portability, etc.
  • Companies are required to report a data breach within 72 hours to the designated national DPA. Such breaches must also be disclosed to the affected individuals.
  • Exemptions / Restrictions: The following matters are not covered by the regulation:
    • Lawful interception, national security, military, police, justice
    • Statistical and scientific analysis
    • Deceased persons, subject to national law
    • Employer–employee relations (covered by a different law)
    • Processing of personal data by a natural person in the course of purely personal or household activity
    • Conversely, an entity has to engage in “economic activity” (as defined in EU law) to fall under GDPR.
  • Firms outside the European Union that provide goods or services to people in the European Union are subject to GDPR. Such companies may need to appoint a representative in the European Union.
  • It is accompanied by a separate data protection directive for the police and criminal justice sectors, which regulates personal data exchanges at national, European and international levels.
  • Failure to comply carries heavy penalties of up to €20 million or 4% of global annual revenue.
  • It emphasizes simplification of information and processes so that the public can understand them and act on them easily.
  • The ePrivacy Regulation for online data activities has not yet been finalized by the European Union.

Implications for India and beyond


  • It affects the practices of the technology sector, online retailers, software companies, financial services, online services / SaaS, retail / consumer packaged goods, B2B marketing, etc.
  • For Indian firms: Europe is an important market for the Indian IT / BPO / Technology / Pharma sectors, and hence GDPR compliance becomes a priority for all Indian organizations that do business there.
    • Challenges: According to an Ernst & Young study, only 13% of Indian companies are ready for GDPR. The provisions will be a challenge for small firms and young start-ups, which face heavy compliance costs or, failing that, harm to their business.
    • Opportunity: At the same time, there is a chance for new consultancy firms to set up operations and help other firms with GDPR compliance worldwide. In addition, compliance can serve as a competitive advantage over other Asian companies.
  • India and EU relations:
    • One of the routes for transferring personal data outside the European Union is an adequacy decision, in which the EU designates a country as providing adequate data protection. Since the EU has not granted India data-secure status, operations between Indian and European companies can be difficult. This also has implications for the India–EU BTIA (Broad-Based Trade and Investment Agreement).
    • GDPR provides that a legal order or decision by a third country directed at a data controller or processor cannot be recognized in the absence of an international agreement such as a Mutual Legal Assistance Treaty (MLAT). This is a matter of concern, as Germany refused to sign an MLAT with India in 2015, citing its objections to India’s death penalty provisions.
  • Blockchain technologies: The decentralized nature of these technologies can help to better protect personal data. At the same time, the anonymity offered by crypto-currencies built on these technologies may conflict with compliance requirements under GDPR.
  • For consumers worldwide: They will demand better laws from other governments and companies to protect their data, through campaigns against bad practices that harvest personal data without consent and thus violate the right to privacy.

For more related information you can visit vmayo and mailcot.
