General Data Protection Regulation
Author – Richa Singh
WHAT IS GDPR?
The General Data Protection Regulation (GDPR) is a new set of rules formulated by the European Union to give people more control over how organisations use their personal data.
The GDPR carries provisions that require businesses to protect the personal data and privacy of citizens of the European Union (EU) for transactions that occur within EU member states, as well as provisions regulating the export of personal data outside the EU.
The GDPR also introduces penalties for organisations that violate the rules, as well as remedies for those that suffer data breaches.
IS GDPR APPLICABLE TO YOU?
GDPR is applicable to any company with more than 250 employees that stores or processes personal information about EU citizens.
It is also applicable to Indian companies that handle data of EU citizens.
These regulations also apply to companies with fewer than 250 employees if their data processing impacts the rights and freedoms of data subjects, or includes certain types of sensitive personal data.
OBLIGATIONS UNDER GDPR
Companies are required to meet the following obligations to become GDPR compliant –
Ensure Data Security – Organisations have to make sure that the data they handle is safeguarded from further processing.
The organisation is obliged to put in place effective technical and organisational security measures in order to protect personal data from unauthorised use, loss, alteration or damage.
Data Control – Organisations must ensure data accuracy and integrity, implement data security practices and minimise the risk of data theft.
Data Breach – As a company you must have a system for handling personal data breaches. Implement appropriate measures to minimise the loss and notify the public authority within 72 hours of such a breach.
PENALTY FOR NON-COMPLIANCE
If a company is not compliant with GDPR after 25th May 2018, a heavy penalty of up to EUR 20 million (around INR 140 crores) or 4% of total worldwide annual turnover, whichever is higher, can be imposed on the non-compliant company.
IS GDPR CERTIFICATION COMPULSORY?
No. As per Article 42(3), certification shall be voluntary.