General Data Protection Regulation (GDPR) Training and Certification
- The General Data Protection Regulation (GDPR) is a law or a regulation which was adopted by the European Commission on 27 April 2016.
- It is scheduled to go into enforcement effective 25 May 2018 and is expected to impact organisations across the globe that do business in Europe.
- A core feature of the GDPR is that as a regulation, rather than a directive, it does not require enabling legislation in each member state, something that historically led to inconsistencies.
- As per the Article 2 “Material Scope”, this regulation applies to the processing of personal data wholly or partly by automated means.
- Applicability (as per the Article 3 “Territorial effect”) of GDPR is linked to the processing of the “personal data”
- In the context of the activities of an establishment of a controller or a processor in the EU, regardless of whether the processing takes place in the EU or not.
- Of data subjects who are in the EU by a controller or processor not established in the EU, where the processing activities are related to the offering of goods or services, to such data subjects in the EU; or the monitoring of their behaviour as long as their behaviour takes place within the EU.
Why should Indian Business Matter?
- If you are providing services to European customers and are capturing their information, such information will be treated as personal information (PII) under GDPR.
- Customer information including client and contact details of key client contact person may become a sensitive information under GDPR.
- If you store or process any employee information of any European citizen, such details/information will be considered as personal information (PII) under GDPR
- If you have vendors and you are using their information for any transactions, advances, or expenses, such information will be considered as personal information (PII) under GDPR
- If you are using analytical tools to extracting data to replicate/deduce information for employees, and customers or a combination of multiple applications, such information may be sensitive under GDPR.
- Europe is estimated to be $45bn potential outsourcing opportunity for Indian Technology Services vendors. Being GDPR compliant will be an opportunity for IT organisations, not just for pursuing new avenues in the EU region but also for renewing existing contracts.
- Indian Technology companies, (as service providers and employers) will collect and use personal data extensively. Being Data Collectors and Data Processors, these companies will not only need to fully understand the GDPR requirements but will also need to prepare well in advance of 2018.