EU General Data Protection Regulation (GDPR)

EU General Data Protection Regulation (GDPR)

Legal & Compliance

Ashok P

Ashok P

24 Jan 2018, 09:04 — 5 min read

No matter where you are in the world, if you offer goods or services to European Union (EU) based customers, the General Data Protection Regulation (GDPR) will apply to you. It is necessary to comply with GDPR and failure to do so can result in a penalty of maximum 4% annual worldwide turnover or Euros 20 million, whichever is greater.

 

Understanding GDPR

  • The GDPR is a law or a regulation which was adopted by the European Commission on April 27, 2016.

  • It is scheduled to go into enforcement effective May 25, 2018 and is expected to impact organisations across the globe which do business in Europe.

  • A core feature of the GDPR is that as a regulation, rather than a directive, it does not require enabling legislation in each member state, something that historically led to inconsistencies.

  • As per the Article 2 'Material Scope', this regulation applies to the processing of personal data wholly or partly by automated means.

  • Applicability (as per the Article 3 'Territorial effect') of the GDPR is linked to the processing of the “personal data”
    • In the context of the activities of an establishment of a controller or a processor in the EU, regardless of whether the processing takes place in the EU or not.

    • Of data subjects who are in the EU by a controller or processor not established in the EU, where the processing activities are related to the offering of goods or services, to such data subjects in the EU.

 

Why GDPR should matter to Indian businesses

  • If you are providing services to European customers and are capturing their information, such information will be treated as personal information or personally identifiable information (PII) under the GDPR.

    • Customer information, including client and contact details of key client contact person may become sensitive information under the GDPR.

  • If you store or process any employee information of any European citizen, such details/information will be considered as PII under the GDPR.

  • If you have vendors and you are using their information for any transactions, advances, or expenses, such information will be considered as PII under the GDPR.

  • If you are using analytical tools to extract data to replicate/deduce information for employees, and customers or a combination of multiple applications, such information may be sensitive under the GDPR.

  • Europe is estimated to have a USD 45 billion potential outsourcing opportunity for Indian Technology Services vendors. Being GDPR compliant will be an opportunity for Information Technology (IT) organisations, not just for pursuing new avenues in the EU region but also for renewing existing contracts.

  • Indian IT companies, (as service providers and employers) will collect and use personal data extensively. Being data collectors and data processors, these companies will not only need to fully understand the GDPR requirements but become compliant as soon as possible.  

Notable incidents

November 24,  2017 - Hamilton Digital Solutions Ltd. - a London firm behind over 156,000 spam texts, has been fined GBP 45,000 by the Information Commissioner’s Office of the UK. 

 

November 01, 2017 - Data broking company Verso Group (UK) Limited has been fined GBP 80,000 by the Information Commissioner's Office of the UK. The company had failed to comply with data protection law because it was not clear with people about what it was doing with their personal information.

October 13, 2017 - The Lead Experts Limited-  a Liverpool firm which made more than 100,000 nuisance calls has been fined GBP 70,000 by the Information Commissioner’s Office of the UK.

June 6, 2016 - The Hamburg commissioner for data protection and freedom of information announced that he had fined three multinational companies with operations in Hamburg a total of Euros 28,000 (USD 32,000) for failing to establish alternative legal channels for cross-border data transfers.

 

To explore business opportunities, link with me by clicking on the 'Invite' button on my eBiz Card.

 

Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views, official policy or position of GlobalLinker. 

Posted by

Ashok D P

I am looking to connect with other business owners. Invite me to connect

Recommended articles for you

Join a growing community of 300,000+ SMEs. Create your account now.

Already a member?

Log in

Join a growing community of 300,000+ SMEs. Create your account now.

Already a member?

Log in

Mastercard GlobalLinker - GET THE BIG BUSINESS ADVANTAGE

Visit mobile site