GENERAL DATA PROTECTION REGULATION, GDPR – 2018.
Passed nearly two years ago by the European Parliament, GDPR, is scheduled for full implementation from 25th May 2018. A framework for MNCs; combination of data privacy & security mandates, unprecedented in many cases. Right to be forgotten, Privacy by design & by default and Data Protection Impact Assessment to name a few. Right to Privacy is a fundamental right now in India and the white paper on Data Protection Framework was put in the public domain for comments. While India’s gets on way to its Data Protection Act, the GDPR experience can be enlightening.
If all laws were implementable with ease, it would have been a different world today. Implementation of a law with the complexity of the enmeshed digital technology & geographies involved, is a humungous task. It’s an untrodden path. The MNCs so far have been playing around with Data & Privacy at their whims & fancies. Data today is in stranglehold of mafias, so to say.
Though intense preparations have been on by the IT majors, nobody knows the exact readiness status. Data inventory of personal data is a challenge. Process owners can be the only guide. If we don’t know where all the data resides, how can we protect the data. Data classification is a must. The intricacies of data workflow / storage and external & internal interfaces of data is not as easy it sounds. It’s more of a technical issue, when the legal protection & security is already indicated.
Privacy by design & by default might mean making change in the basic architecture itself. It would have multifarious impact on the smooth data business usages; presumed to be consented on 4 font, I agree, formats. Transfer of data globally is the order of the day, depending on the commercial & technical requirements. The location of data based on citizens privacy requirements is a legal GDPR mandate now. How data remains under the mandate, if it is across the borders?
GDPR’s SUCCESS DEPENDS ON CREATING AN EFFECTIVE ENFORCEMENT MECHANISM.