Data protection is a concern in the digital age, and regulating it has been a priority for governments across the globe. Data protection is a part of privacy, which is considered a fundamental right in the Indian Constitution. The European Union (EU) has laid the foundation by initiating mandatory regulation for protecting the integrity of individuals' data. The General Data Protection Regulation (GDPR) marks the beginning of regulated data protection.

What is GDPR?

GDPR is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU. It will come into effect across the EU on 25 May 2018. GDPR applies to all data controllers and processors in the EU, and to organizations that deal with third parties operating in the EU and using information of EU citizens. It also sets out the principles for data management and privacy. Independent supervisory authorities have been empowered to audit organizations to verify compliance with GDPR. Businesses need to act now to ensure that they are ready to comply with the new regulation by May 2018.

What do organizations need to do?

  • Strengthening IT security controls,
  • Strengthening documentation,
  • Improving data analysis/classification,
  • Designating a dedicated Data Protection Officer within the organization.


Implications of non-compliance

  • Technical breaches, such as those relating to impact assessments, breach notifications and certifications - Fine of EUR 10 million or 2% of the global annual turnover (revenue), whichever is higher.
  • Key provision breaches - Fine of EUR 20 million or 4% of total global annual turnover (revenue), whichever is higher.


How we can help you stay compliant with GDPR

  • Discovering and assessing the risk for applicability of GDPR,
  • Accountability for privacy in terms of maintaining relevant documentation, conducting data protection impact analysis and implementing it at the design level,
  • Roles, responsibilities and obligations with regard to compliance at entity level and for data subjects (the entity's customers/clients),
  • Penalty and liability clauses in case of non-compliance, either at entity level or third-party level (outsourcing),
  • Rights and obligations of the data subjects (the entity's customers/clients).


Write to us today to speak to our GDPR specialist.