EU’s GENERAL DATA PROTECTION REGULATION (GDPR)
Cyber security is at the core of our secure existence. MeitY issued instructions yesterday that 10% of the IT budgets of Ministries must be allocated to cybersecurity. The need is felt all over, given the global hacking attempts of the last few months. At the core of cybersecurity is keeping data secure, within the complexity of the global digital world, for companies, governments, critical infrastructure and citizens. Despite the challenge, the responses have not kept pace.
All this is bound to change when the General Data Protection Regulation (GDPR) of the European Union comes into operation on 25th of May 2018. The aim is to create more consistent protection of consumer and personal data across EU nations. Passed by the European Parliament in April 2016, it becomes the law of the land in 28 countries across the European Union, with exactly the same mechanisms, checks, compliance and regulatory structures. Sufficient time has been provided to comply with the regulation. Serious deliberations are under way in companies across the globe to become compliance-ready.
The key privacy and data protection requirements are: consent of subjects for data processing, anonymizing data, providing data breach notifications, safe handling of transfer of data across borders, and appointment of a data protection officer to oversee GDPR compliance, among others. The operational plan has to be carefully planned and executed so as not to land in any compliance issues.
The cost of non-compliance has, for the first time, been made prohibitive. Article 79 details penalties for GDPR non-compliance. The compensation can go up to 4% of the violating company’s global annual revenue. This is what the future of non-compliance can be. The issues of portability and the right to erasure are also addressed for good.
GDPR IS THE BEGINNING OF A NEW DATA ERA.