You must have heard about the spooky new law in town: GDPR. Are you confused about what GDPR is? Or are you in two minds about whether it applies to you?
Here is everything you need to know about GDPR.
GDPR, the General Data Protection Regulation, is a legal framework that deals with data protection and privacy for all individuals within the European Region. The main aim of this law is to give people rights so that they have control over their personal data.
Moreover, it gives individuals the right to request a copy of the personal data that an organization collects and processes about them, and the right to have that data erased under certain conditions.
This law also applies to organizations that are not of European origin but collect or process the personal information of citizens and residents of the European Region.
According to the European Commission, “Personal data is any information related to an individual, whether it is related to his/her private, professional or public life. It can be anything ranging from a name, home address, photo, and an email address to bank details, posts on social networking websites, medical information and a computer’s IP address.”
GDPR does not require any national government to pass enabling legislation; it is directly binding and applicable.
The General Data Protection Regulation was adopted on April 14th, 2016 and took effect on May 25th, 2018.
Updates in the GDPR
The changes introduced by GDPR include:
- Individuals can now easily request access to their personal information.
- People can easily update their own personal information to keep it accurate.
- Organizations can automatically delete personal data that their business no longer has any use for.
- People can easily request the deletion of their personal data.
- People can easily request that an organization stop processing their data.
- People can easily request that their data be delivered to themselves or to a third party.
- People can easily object to profiling or automated decision-making that can affect them.
Impact of GDPR on Organizations
GDPR is not only a challenge for IT, IT security or data protection teams. It is a challenge for Chief Information Officers, Chief Information Security Officers and Data Protection Officers.
Undoubtedly, GDPR poses a lot of complex challenges that need to be solved right away. For instance, one of the major challenges is its impact on organizations' relationships with their customers.
According to a survey by KuppingerCole, 73.5% of respondents named improved customer relationships and interaction as the main target of a company's digital transformation strategy.
Importance of GDPR
GDPR is extremely important because it reinforces the personal data protection rights of European citizens and residents. It also makes clear that companies that process personal data must safeguard the rights laid down by GDPR.
GDPR is demanding because of its detailed transparency requirements. Any organization or institution that processes personal data has to ensure the lawfulness of processing, document the existence of sufficient procedures, provide information on security measures and make sure that sufficient data processing agreements are in place.
Do Indian Organizations Need to Be GDPR Compliant?
Well, not every Indian company needs to be GDPR compliant, but every organization that has offices in the European Region, or that collects or processes the personal information of people who belong to the European Region, has to be GDPR compliant.
What Happens if a Company is Not GDPR Compliant?
Penalties and sanctions of up to 4% of global annual turnover or €20 million (whichever is greater) may be imposed on the organization.
How to Make Your Organization GDPR Compliant?
Kratikal can help you make your organization GDPR compliant.
Kratikal is one of the leading Indian cyber security firms and provides end-to-end cyber security solutions to over 50 clients across the globe. We provide a complete suite of vulnerability assessment and penetration testing services, as well as security audits for standards such as PCI DSS, HIPAA, ISO 27001 and GDPR.
Advantages of making your organization GDPR compliant with Kratikal:
- Avoid penalties and sanctions of up to 4% of global annual turnover or €20 million (whichever is greater).
- Maintain your status quo with respect to working within the EU or with EU partners.
- Include Privacy by Design and Privacy by Default in your products, processes and technological implementations.
- Improved data portability due to uniformity of data storage standards.
- Increased customer and partner trust in your business by readily implementing GDPR.