The General Data Protection Regulation (GDPR) is a European Union law on data protection and privacy. The GDPR's primary aim is to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The regulation contains provisions and requirements related to the processing of the personal data of individuals who are located in the EEA, and applies to any enterprise processing such data, regardless of where the enterprise or the data subject is based.
Scope of the GDPR Regulation
The GDPR applies to all entities operating within the European Union (EU) and the European Economic Area (EEA). Its provisions mandate compliance for any processing of the data of subjects in the European Union, even if the processing itself takes place outside those territorial limits.
The core principles embedded in the GDPR, which also provide the framework for its holistic approach to data protection, oblige data controllers to ensure that all processing of personal data is afforded seven layers of protection, including the following.
- The processing must be lawful, fair and transparent with regard to the data subject.
- The legitimate purpose for the data processing must be specified and expressly conveyed to the data subject.
- Organisations have a substantial obligation to adopt a variety of measures, such as appointing a Data Protection Officer, establishing data protection by design, assigning data protection responsibilities within the team, and providing adequate training and awareness exercises to achieve optimal organisational security.
The GDPR derives its stringency from the substantial fines and penalties it imposes on organisations for non-compliance with its regulations. These fines scale with the size of the organisation responsible for the non-compliance. There are two tiers of fines, and the amount depends on factors such as the nature and gravity of the infringement, intent, damage caused, mitigation efforts, etc.
Article 51 of the GDPR provides that each Member State must establish one or more independent public authorities, known as Supervisory Authorities, responsible for monitoring the application of and compliance with the GDPR. The GDPR also requires the complete independence of these Supervisory Authorities, so that they remain free from external influence when performing their tasks and exercising their powers under the GDPR.
Benefits of the GDPR Implementation Program
- GDPR implementation delivered through our five-phase approach
- Implementation delivered for clients located in the EU, India or elsewhere
- End-to-end support provided throughout the project
- As part of the project, developed a data protection toolkit (including draft agreements, security/privacy best practices, policies, etc.) and an incident management system