WHAT IS GDPR?
The General Data Protection Regulation (GDPR) is a new set of rules formulated by the European Union to give people more control over how organisations use their personal data.
The GDPR carries provisions that require businesses to protect the personal data and privacy of the citizens of the European Union (EU) for transactions that occur within EU member states, as well as provisions for regulating the export of personal data outside the EU.
The GDPR also introduces penalties for organizations that violate the rules as well as remedies for those that suffer data breaches.
IS GDPR APPLICABLE TO YOU?
GDPR applies to any company with more than 250 employees that stores or processes personal information about EU citizens. It also applies to Indian companies that handle data of EU citizens.
These Regulations also apply to companies with fewer than 250 employees if their data processing affects the rights and freedoms of data subjects, or includes certain types of sensitive personal data.
OBLIGATIONS UNDER GDPR
To become GDPR compliant, companies are required to meet the following obligations:
1. Ensure Data Security- Organisations have to make sure that the data they handle is safeguarded against further processing. The organisation is obliged to put in place effective technical and organisational security measures in order to protect personal data from unauthorised usage, loss, damage and alteration.
2. Data Control- Organisations must ensure data accuracy and integrity, implement data security practices and minimise the risk of data theft.
3. Data Breach- As a company you must have a system for handling personal data breaches. Implement appropriate measures to minimise the loss, and notify the relevant public authority of such a breach within 72 hours.
PENALTY FOR NON-COMPLIANCE
If a company is not compliant with GDPR after 25th May, 2018, a heavy penalty of up to EUR 20 million (around INR 140 crore) or 4% of total worldwide annual turnover, whichever is higher, can be imposed on the non-compliant company.
WHAT DO WE OFFER?
1. First, we will evaluate the gaps between your present data protection compliance policy and the requirements under GDPR.
2. Based on that, we will design a strategy for your company to comply with GDPR.
3. Facilitate the creation of a mechanism for ensuring data protection by reviewing third-party contracts, and develop an accountability framework for it.
4. Create an operational structure for complying with data protection regulation.
5. Conduct periodic risk assessments and take steps to minimise your risk.