The changes which ushered in by GDPR from Friday 25 May 2018 are substantial and ambitious. GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And non-compliance could cost companies dearly.
To make Europe ‘fit for the digital age', European Commission set out plans for data protection reform across the European Union in January 2012. Though GDPR is discussed globally as if it is an issue between EU and US, the Indian IT industry also has a huge stake since it works both for the US and EU clients and needs to provide a "GDPR Compliant Data Processing Service".
The European Union General Data Protection Regulation (GDPR) is a sweeping data protection law that not only affects European businesses but all organizations handling the personal data of EU citizens.
As GDPR is proposed as a "Global Regulation", no Indian Company would get EU business unless it is compliant with GDPR. GDPR applies to all businesses and organizations established in the EU regardless of whether the data processing takes place in EU or not. If a company tries to be compliant, it has to confront a tough penalty structure.
As of May 2018, data breaches where citizen, patient, subscriber or customer personal data is inexcusably left vulnerable will not be tolerated and the financial penalties will be painful.
The penalty will be 10,000,000 Euros or 2% Global Turnover for offenses related to Child consent, transparency of information and communication, data processing, security, storage, breach, breach notification; and transfers related to appropriate safeguards and binding corporate rules.
And 20,000,000 Euros or 4% of Global Turnover, for offenses related to data processing, consent, data subject rights, non-compliance with DPR order, and transfer of data to the third party.
While much of the GDPR requirements focus on the processes and procedures for acquiring, utilizing and handling personal data that is ‘lawful and fair', the cybersecurity dimension is absolutely critical in order to prove that you have ensured ‘appropriate security and confidentiality of the personal data'.
With the right sort of consistent, unified, cross-functional approach, GDPR can act as a great driver for the entire organization to move to treating data processing in a transparent and accountable fashion.
With our expertise and experience in Cyber Security industry at ISOAH, we are offering our services to make the compliance procedures much less challenging by reducing complexity, time and cost and adding considerable value.
Whether you are an SME or a multinational, our GDPR services will be customized according to your needs. We can help you with variety of best practice solutions, evaluating your GDPR compliance position and developing a remediation roadmap through to implementing a suitable GDPR compliance framework.
In any organization, your workforce is the last line of defense. For GDPR compliance too, your staffs and management must understand their responsibilities under the GDPR. ISOAH can offer a structured learning path to impart knowledge and skills needed to deliver GDPR compliance.
Companies must dedicate their time to understand what they need to do in order to become compliant. Creating a plan of action beforehand will also help to stay ahead of others. As data has become a valuable currency in the world, it is believed that GDPR will strengthen data protection measures of companies and empower consumers if followed in the right spirit.