Although the law is related to Europe, it has global implications on firms dealing with EU residents in any form
Companies need to be ready as the General Data Protection Regulation (GDPR) will come into effect on May 25. The GDPR is part of a European Union (EU) legislation, which has been designed to protect the personal data of its residents.
Although the law is related to Europe, it has global implications on firms who are dealing with EU residents in any form.
So what is the law and how does it affect India? Here are 10 key facts about GDPR:
1. The EU GDPR is considered to be the most notable change in the data protection regime in the last two decades.
2. The law was approved in April 2016 and European authorities had given companies two years' time to comply. It will come into force from May 2018.
3. Once in effect, the GDPR will replace a previous law called the Data Protection Directive.
4. EU authorities have formulated the law with an aim to give consumers control of their personal data as it is collected by companies. Personal data here define data relating to identifiable living individuals, including their names, email IDs, ID card numbers and physical and IP addresses.
5. Under the GDPR, companies are required to provide clearly distinguishable consent terms seeking data from individuals. There should be no vague or confusing statements in regard to this.
6. If the individual is below 16 years of age, a person holding "parental responsibility" must opt-in to data collection on their behalf.
7. The EU document further gives rights to individuals to have personal data deleted under certain conditions.
8. It also makes it mandatory for companies to notify their data protection authority about a data breach within 72 hours of first becoming aware of it. Failing to comply could result in a fine up to 4 per cent of global turnover or €20 million — the maximum amount of the fine, as per a report of The Hindu.
9. Besides having a deep impact in Europe, the data protection law has global implications as it also applies to those outside the EU who are directly or indirectly related to its residents.
10. The impact of the law would be seen on Indian IT firms and other service providers dealing with any EU client.