General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

What is GDPR?

General Data Protection Regulation (GDPR) is a law is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area. The main aim of GDPR is to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Some of the key privacy and data protection requirements of the GDPR include:

Purpose of GDPR

The purpose of the GDPR is to impose a uniform data security law on all EU members so that each member state no longer needs to write its own data protection laws and laws are consistent across the entire EU. In addition to EU members, it is important to note that any company that markets goods or services to EU residents, regardless of its location, is subject to the regulation. As a result, GDPR will have an impact on data protection requirements globally.

GDPR Enforcement And Penalties For Non-compliance

SAs hold investigative and corrective powers and may issue warnings for non-compliance, perform audits to ensure compliance, require companies to make specified improvements by prescribed deadlines, order data to be erased, and block companies from transferring data to other countries. Data controllers and processors are subject to the SAs’ powers and penalties.

The GDPR also allows SAs to issue larger fines than the Data Protection Directive; fines are determined based on the circumstances of each case and the SA may choose whether to impose their corrective powers with or without fines. For companies that fail to comply with certain GDPR requirements, fines may be up to 2% or 4% of total global annual turnover or €10m or €20m, whichever is greater.

Importance of GDPR in India

Europe, being a substantial marketplace for the IT, BPO and pharmaceutical industry in India. IT industry in the top two EU member states (i.e. Germany and France) is estimated to be around 155–220 billion USD. For the Indian IT industry to keep continuing to do business in Europe, it needs to comply with the GDPR

India is in a unique position as it embarks on a digital transformation journey of unprecedented magnitude through citizen biometric data platform of Aadhaar, e-governance initiative Digital India, fostering presence-less, paperless, and cashless service delivery through IndiaStack and digitization of citizens’ documents via DigiLocker. India could draw on an over-arching data protection regime by building on GDPR. However, data protection cannot be in the government sphere alone. Businesses in India can also take cognizance and bring in strong data protection measures akin to GDPR, that will only enable their growth in the long run.

GDPR will strengthen data protection measures of enterprises and empower them and their customers if followed in the right word and spirit. Businesses operating in other regions too will do well to adopt the  GDPR  standards as data protection increasingly becomes a worry.