REGULATIONS

GDPR

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in the European Union. It is the law on data protection and privacy.

European Union’s General Data Protection Regulation

European Union’s General Data Protection Regulation

European Union’s General Data Protection Regulation is one of the most reputed and stringent data protection and privacy laws across the globe. It came into effect on 25 May 2018. It’s comprehensive data protection rules are applicable to all entities present in the EU and European Economic Area. It applies to the processing of personal data wholly or partly by automated means and processing other than automated means of personal data that forms part of, or is intended to be part of, a filing system.

Jurisdiction:

  • The GDPR applies
  • To the processing of EU residents data irrespective of whether the data controllers or processor
  • are within or outside the EU- if the processing activities are related to the offering of goods or services to data subjects in the EU, or the monitoring of the behaviour of data subjects within the EU.
  • To all processing that takes place on behalf of the data controller or processors that are
  • established in the EU – irrespective of whether the actual processing takes place within the EU. This means the regulation extends its adherence to businesses not present in EU but are processing personal data or doing businesses with EU organizations.
  • Requirements under GDPR:
  • Lawful processing of personal data based on user consent, contract, legitimate interest, vital
  • interest, public interest and legal requirements.
  • Transparency through privacy policy and cookie policy.
  • Restricting the processing strictly to the purpose.
  • Process minimal data for necessary time periods.
  • Integrity and confidentiality of the data through access control, encryption, pseudonymisation,
  • anonymization and other state-of-the-art information security practices.
  • Demonstration of accountability with proper documentation, contracts, data protection
  • impact assessments (DPIAs), incident response strategies, appointment of DPO and code of conduct.
  • Ensuring right to the data subjects including Rights to be informed, access, rectification, object, data portability and erasure.
  • In case of data breach, a company needs to inform authorities within 72 hours and if the risk is high, they also need to inform the data subjects.

Fine under GDPR:

Failure to comply with GDPR can expose the entities to a hefty fine of upto 20 million euros or 4% of global turnover (whichever is higher).

  • The GDPR applies
  • To the processing of EU residents data irrespective of whether the data controllers or processor
  • are within or outside the EU- if the processing activities are related to the offering of goods or services to data subjects in the EU, or the monitoring of the behaviour of data subjects within the EU.
  • To all processing that takes place on behalf of the data controller or processors that are
  • established in the EU – irrespective of whether the actual processing takes place within the EU. This means the regulation extends its adherence to businesses not present in EU but are processing personal data or doing businesses with EU organizations.
  • Requirements under GDPR:
  • Lawful processing of personal
  • data based on user consent, contract, legitimate interest, vital interest, public interest and legal requirements.
  • Transparency through privacy
  • data based on user consent, contract, legitimate interest, vital
  • Restricting the processing
  • strictly to the purpose.
  • Process minimal data
  • for necessary time periods.
  • Integrity and confidentiality of
  • the data through access control, encryption, pseudonymisation, anonymization and other state-of-the-art information security practices.
  • Demonstration of accountability
  • with proper documentation, contracts, data protection impact assessments (DPIAs), incident response strategies, appointment of DPO and code of conduct.
  • Ensuring right to the data
  • subjects including Rights to be informed, access, rectification, object, data portability and erasure.
  • In case of data breach,
  • a company needs to inform authorities within 72 hours and if the risk is high, they also need to inform the data subjects.

Fine under GDPR:

Failure to comply with GDPR can expose the entities to a hefty fine of upto 20 million euros or 4% of global turnover (whichever is higher).

How our privacy team can help

At Tsaaro’s, our privacy team comprises of experienced lawyers and InfoSec professionals. Together we ensure that your organisation is compliant with all regulatory requirements along with best possible technical and infrastructural solutions. We provide personalised plans to our customers to inculcate data protection by design and by default in their processes in a cost efficient manner.

  • Assess the applicable global personal data protection laws
  • (Regulatory Assessement)
  • Ensure Data Protection by Design.
  • Protection your organisation against hefty fines.
  • Improve customer and investor’s trust in your organisation.