
Decoding the General Data Protection Regulations (GDPR) by Bhumesh Verma

With the advent of the internet, privacy has become a much sought-after yet elusive luxury for people. Personal data of individuals is freely stored and shared globally, making the world more transparent than ever. I recall a speaker at a TED Talk comparing individuals on the internet with people walking naked at Chhatrapati Shivaji Terminus (CST), Mumbai.


Needless to say, such a brazen onslaught on personal privacy has perturbed authorities the world over. In an attempt to unify the personal data laws of the entire European Union and to lay down strict rules against sharing and improperly using personal data of individuals, the European Union (“EU”) formulated the General Data Protection Regulations (“GDPR”) in 2016.

A two-year transition period was given to organisations and governments to become GDPR compliant. The GDPR would come into force from 25th May, 2018. The GDPR imposes strict rules pertaining to data collection, transfer and utilisation when the personal data of an EU-based individual is transferred to a non-EU country. This has wide-reaching implications for global businesses, as they share data in a wide variety of situations.

Let us discuss some key implications the GDPR may have on Indian businesses.

Key Features of GDPR

a) Important Definitions

Data Controller: A data controller is the party which determines how the data is to be used. Typically, it is the party which shares the data. However, there could be a situation where both the parties involved in a data sharing transaction are data controllers.

Data Processor: A data processor is the one which processes the data in accordance with the instructions given by the data controller.

Data Subject: A data subject is the one whose data is being collected.

Personal Data: Personal data is information about an individual which helps to identify her/him. Hence, information such as name, contact details, address, identification number or any information which can be directly or indirectly linked to the identity of the individual is treated as personal data.

b) Requirement to show Accountability

The GDPR has adopted the ‘stick’ method in order to ensure that these regulations are properly implemented and are not reduced to formalities. It has imposed requirements upon both the data controllers and the data processors to show that they are complying with the data protection principles. They are required to create and maintain data processing registers and adopt comprehensive measures to prevent data breaches. Such comprehensive measures inter alia include privacy impact assessments, technical safeguards etc. The data controllers are also required to inform the authorities within a stipulated time in the event of any data breach.

c) Obligations on Data Processors

GDPR, in a first, imposes obligations on data processors. It requires data processors to implement sufficient security standards for data protection and promptly inform data controllers in the event of a breach. It also exposes them to punitive measures in the event of non-compliance.

d) Fines and Enforcement

GDPR has substantially increased the quantum of penalties. For breach of obligations pertaining to record-keeping, security, breach notification etc., a penalty equal to the greater of €10 million or 2% of the entity’s global gross revenue may be imposed, and for violation of obligations pertaining to data subject rights, cross-border transfers etc., a penalty of the greater of €20 million or 4% of the entity’s global gross revenue may be imposed.

e) Data Protection Officer

Data protection officers are required to be appointed where the controllers/processors deal with large scale data of data subjects or are public authorities. These data protection officers are required to have expert knowledge of data protection law.

f) Consent

GDPR mandates consent of the data subjects prior to the collection of personal data. It defines consent as, “any freely given, specific, informed and unambiguous indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement to personal data relating to them being processed;” The process of obtaining free consent should be demonstrable by the organisations. There is no bar on withdrawing one’s consent.

g) Data Subject Access Requests

Data subjects are now entitled to get more transparent views on how their data is being processed. The timeline for providing such access is one month from the date of request.

Implications of GDPR on Indian Corporates

Most corporate houses today have a global reach and, invariably, during the course of transactions they obtain or share personal data of individuals. Even the simplest of actions, such as obtaining the names of participants in a conference or sharing employees’ details with cab drivers, count as collection and transfer of personal data. If such data belongs to an EU-based data subject and is shared or transferred to a non-EU country, the compliances required under GDPR would be triggered.

The enormity and severity of the penalties imposed under the GDPR would expose Indian conglomerates to a very high degree of risk if they are found non-compliant. Even violation of requirements such as maintenance of data processing registers entails a huge fine and hence, Indian companies need to tread cautiously insofar as GDPR is concerned. It is recommended that Indian companies, as a rule, have GDPR compliances inbuilt in their data protection policies. In order to safeguard against liability, a separate agreement mirroring all the requirements/compliances mandated under GDPR should be signed by the organisations every time there is a risk of EU-based data subjects’ personal data being transferred. A strong data protection framework would help in averting risks and would mitigate liability.

Bhumesh Verma is a Corporate Lawyer with over 2 decades of experience in advising domestic and international clients, with a place in “The A-List – India’s Top 100 Lawyers” by India Business Law Journal. He writes frequently on FDI, M&A and other corporate matters. With research inputs by Soumya Shekhar.
