Manish Sehgal
Moneycontrol News
One of the most discussed aspects of the EU’s General Data Protection Regulation (GDPR) is the provision for administrative fines. However, there is much more to the regulation; the following five points give a quick walk-through of its other crucial facets:
- GDPR offers an impetus for enterprises to revisit the way they handle and process personal data of data subjects (employees, customers, suppliers and business partners). It is a trigger to prioritise and revamp the current processes and systems deployed to protect personal data.
For India-based organisations, in addition to the IT Act 2000, and the Information Technology Rules 2011, GDPR readiness is a boon before our own much-awaited data protection act is released.
- In today’s competitive world, it is of utmost importance that customers trust organisations and have faith in their services. The increase in data breach incidents is impacting this trust factor. In light of this, GDPR offers a great opportunity to regain the ‘trust’ of customers. All organisations asserting GDPR-readiness are expected to have established mature processes to handle personal data of customers.
- GDPR has given a new dimension to safeguarding personal data from being misused. The conditions in Article 6 ‘Lawfulness for Processing’ are binding and don’t leave much scope for using personal data beyond its designated purposes:
  - Consent
  - Performance of a contract
  - Compliance with a legal obligation
  - Protect vital interests of data subject
  - Performance of a task carried out in the public interest
  - For the purposes of the legitimate interests
- GDPR has opened a new professional avenue in the form of the Data Protection Officer (DPO), especially in the Indian context. The DPO is placed at the core of GDPR and is tasked with formulating data protection strategy and making organisations compliant with the GDPR requirements. According to a study by the International Association of Privacy Professionals (IAPP), 75,000 DPOs will be needed globally and we believe this may be one of the most demanded skills in the years to come.
- GDPR, being a sector-neutral and border-less law, is gaining momentum across the globe and is being considered as a benchmark for privacy and data protection requirements. Indian organisations that do not fall under the ambit of GDPR may also consider its stringent requirements as a reference to establish a robust privacy and data protection framework. It is said that GDPR is probably the most comprehensive privacy law drafted in the last two decades.
Organisations must take advantage of this regulation to set up their own processes and systems to safeguard the personal data of data subjects, which will help the ecosystem at large.
(The author, Manish Sehgal, is a partner at Deloitte India.)