GDPR Information


What is GDPR?

The GDPR is a new comprehensive data protection law effective from May 25, 2018 that strengthens the protection of personal data in light of modernization, rapid technological developments and more complex cross border data flows. It provides more power to the individuals whose personal information is being processed. It updates and replaces the data protection laws currently in place with a single set of rules, directly enforceable in each EU member state.

What does GDPR regulate?

Besides strengthening and standardizing user data privacy across the EU nations, GDPR will require new or additional obligations and liabilities on data controllers and data processors. GDPR focuses on lawful processing of data, providing transparency to the data subjects regarding processing activities performed on their data, keeping data accurate, restrictions on marketing activities, processing involving automated profiling of personal data and disclosing personal data to another party only after ensuring proper technical and organizational measures.

What counts as personal data under the GDPR? 

The EU has substantially expanded the definition of personal data under the GDPR. To reflect the types of data organisations now collect about people, online identifiers such as IP addresses, cookies, sensitive data such as a person’s caste, health records, and criminal records now qualify as personal data. Pseudonymised personal data may also be subject to GDPR rules, depending on how easy or hard it is to identify whose data it is.

What are GDPR Readiness entail?

Data: Govern and ensure the quality of data, assess what data is in use, its purpose. This is crucial for offering transparency and trust which is demanded from GDPR.

Governance: Translate GDPR into actions, norms and values. Consider effective measures which need to be taken

Security: Protection of the fundamental privacy rights (e.g. protecting the security and confidentiality of Personal Data. For e.g. providing proper use, notice, consent, choice, access, rectification and erasure

People, Processes and Communications: Train Employees on GDPR requirements. Employees need to understand the risks and impact of improper data use. Identify the impact of GDPR on processes and what changes may be required.