All you need to know about GDPR

Varun Aggarwal | Updated on June 19, 2018

1. What is GDPR?

The GDPR is a regulation in European Union law on data protection and privacy applicable for all European Union(EU) citizens. All organisation are expected to comply with GDPR by 25 May 2018.  The GDPR aims at giving control to the residents/individuals over their personal data by unifying and harmonising the data-protection regulations with the strict compliance requirements.  The fines for not complying with the regulation can be either 4% of annual global turnover or €20 million - whichever is higher.

2. How does it impact a small business in India with no presence in Europe?

Even if the organisation is not has direct presence in EU, but doing business through its distribution channel and it collect, store, process PI or PII of EU citizens then they come under the purview of the GDPR compliance.  This information is used for various purpose such as accounting, auditing, sales & marketing. For e.g.- Hospital specialising in Cancer treatment situated in south of India having EU patients, has to be GDPR complaint.

3. I don't have any European customers and no operations in the country, should I still worry about GDPR?

Yes, if any process or channel/distribution partners in your business operations ecosystem collect, store, process PI or PII of EU citizens. For e.g.: Cloud Service providers, Hotel Industry, Payment Service Providers.

4. Is sending customers GDPR-compliant terms enough?

No it is not. Depending upon the service or product which is utilised by the end –customer, the organisation needs to ensure that appropriate consent has to be taken from their customers through respective distribution channels. The organisation needs to ensure that it receives a notification when their customer revokes its consent to ensure that all the PI and PII are erased. This will unify the customer journey in giving and revoking the consent.

5. I haven't heard any issues related to GDPR so far. Is it not enforceable in India?

EU cannot enforce GDPR in India, GDPR is developed specifically for EU. Businesses who fall under the purview of the GDPR and doesn’t comply will be blacklisted or will not be allowed to do business in EU. Businesses in India have already started evaluating the impact of GDPR on them. Those who fall under its purview have already begin their GDPR compliance journey and those who have not are gearing up for its compliance.

La Quadrature du Net a French non-profit association campaigning on the rights of internet users, said that it has filed five collective complaints with national data protection agency Cnil (French Authority) against Amazon, Apple, Facebook, Google (Gmail, Youtube, Search), and LinkedIn for violating the privacy law. La Quad started inviting people to join its collective complaints six weeks ago. Over that time, the organisation got more than 12,000 people to sign up.

Watch the full interview here

Published on June 19, 2018

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

This article is closed for comments.
Please Email the Editor

You May Also Like