Decoding GDPR by CRIF Highmark

Last Modified Tuesday, 19 June 2018 (19:11 IST)
As data, the new oil of the digital era, continues to drive economies around the globe, privacy and protection of data are in the spotlight. On 25 May 2018, The led the pack by enforcing into full effect, thereby marking a milestone in data protection laws across the European Union (EU).
What is GDPR?
The General Data Protection Regulation (GDPR) is a control in EU law that aims to standardize and strengthen citizens’ data protection rights across the EU. It considers the consumer to be the owner of the data, and an organization has to obtain affirmative consent from the consumer to be able to use the consumer’s data or allow the consumer a right to delete it whenever the consumer wishes.
Who does it apply to?
All public and private organizations that handle, store or process personal data of EU citizens. It also applies to non-EU companies that process personal data in the EU.
What is Personal Data?
Personal data is at the heart of the GDPR. ‘Personal data’ means any information relating to an
identified or identifiable natural person (‘data subject’). The definition is quite broad now and
includes identifiers such as genetic, biometric, health, ethnicity, financial standing, political
opinions, IP address, etc.
Why is it necessary to adopt GDPR?
It is important to adopt GDPR to the fullest and avoid any breaches, as GDPR imposes heavy
financial penalties on non-compliant organizations. One also runs the risk of loss of
reputation. Further, privacy by design is crucial for organisations because it acknowledges
the need to rethink cyber security processes. The threat of data breaches rises each year, and
organisations have so far struggled to find effective solutions. Adopting a privacy by design
approach will increase an organization’s awareness of privacy and data protection issues, helping
it identify and address vulnerabilities promptly.
What are the advantages of adoption of GDPR?
Strengthen Your Cybersecurity
Better Data Management
Increase Marketing (ROI)
Enhanced Audience Loyalty And Trust
Be The First To Establish A New Business Culture
What does it mean for India & Indian companies?
The new law will have both direct and indirect impacts on Indian business and India’s legal
approach to privacy and data protection. Evidently, as the new law kicked in, companies across
the world have updated their consent terms and privacy policies; therefore, many of us in India are getting these notifications, even though it is not necessary in India as yet. While most Indian organizations are unaffected by GDPR, some Indian sectors such as IT, the outsourcing industry and pharmaceuticals might be hit by the GDPR as they have operations in EU markets.

Because of the complexities involved in implementing GDPR, a new opportunity emerges for individuals and risk management companies to offer consulting and auditing services on GDPR. The new data protection framework being drafted under the Justice Srikrishna Committee is likely to be influenced by the provisions under GDPR, and we may see a similar need for data protection emerging for Indian businesses too.