A short article on "The EU's new privacy protection act, GDPR, and how it may impact non-EU citizens and business organisations in the short and long term"



Introduction to GDPR

The General Data Protection Regulation (GDPR) is a new and far-reaching data privacy protection law of the European Union (EU) covering people in the EU. It replaces the earlier Data Protection Directive (95/46/EC) and is enforceable from today, 25 May 2018.

The primary objective of GDPR is to give people in the EU control over their personal data and to simplify the regulatory environment for international business by unifying the rules across the EU. It provides for strong penalties (up to 10 million or 20 million euro, or 2% or 4% of annual worldwide turnover, whichever is higher) against unlawful use of such data by the organisation collecting it.


A short summary of GDPR

  1. It was adopted on 14 April 2016 and, after a two-year transition period, becomes enforceable on 25 May 2018.
  2. GDPR is a regulation, not a directive, so it does not require national governments to pass enabling legislation; it is directly binding and applicable in all EU member states.
  3. Lawful basis and consent: No personal data may be processed unless there is a lawful basis specified by the regulation (Article 6), one of which is the data subject's consent. Consent must be freely given, specific, informed and unambiguous, and it must be as easy to withdraw as it was to give (Article 7).
  4. Mandatory disclosure of what, how, why, how long and with whom: The controller must clearly disclose what data is collected and how, why it is processed, how long it is retained and whether it is shared with any third parties (Articles 13 and 14).
  5. Data portability and erasure: Data subjects have the right to receive a copy of their data in a structured, commonly used, machine-readable format (Article 20), and the right to have their data erased under certain circumstances (Article 17).
  6. Data Protection Officer (DPO): Public authorities, and organisations whose core activities consist of regular and systematic monitoring of data subjects on a large scale, or of large-scale processing of special categories of data, must designate a DPO responsible for overseeing GDPR compliance (Article 37).
  7. Accountability and responsibilities: The controller must implement measures that meet the principles of data protection by design and by default (Article 25), meaning that protection is built into business processes, products and services from the start rather than bolted on afterwards. Such measures include pseudonymising personal data as soon as possible (Recital 78) and collecting only the data needed for each purpose.
  8. Time limit for reporting a data breach: The controller must notify the supervisory authority within 72 hours of becoming aware of a personal data breach, unless the breach is unlikely to result in a risk to individuals (Article 33); where the risk to individuals is high, they must also be informed without undue delay (Article 34).
  9. Non-compliance: Supervisory authorities can issue a written warning in cases of first and non-intentional non-compliance, carry out data protection audits, and impose fines (Article 58). Organisations should therefore run regular periodic audits to ensure they remain GDPR compliant.
  10. Fines and penalties: A fine of up to 10 million euro or 2% of the annual worldwide turnover of the preceding financial year, whichever is greater, for infringements of the obligations of controllers and processors (Article 83, paragraph 4); or a fine of up to 20 million euro or 4% of the annual worldwide turnover of the preceding financial year, whichever is greater, for infringements of the basic principles, data subjects' rights, the rules on international transfers, or an order of a supervisory authority (Article 83, paragraphs 5 and 6).
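Point 7 above names pseudonymisation as a concrete "by design" measure, and it is one of the few items in this list a developer can actually implement. The Python below is an added example, not code from the original article or from any GDPR text: it replaces direct identifiers with keyed HMAC-SHA256 tokens so that analytics can still join records belonging to the same person, while re-identification needs a secret key and a lookup table that the controller keeps separately from the dataset. The field names, the sample records and the assumption that the key lives in a separate store are all illustrative constructions; the dictionary-attack function is included to show why an unkeyed hash of an email address does not count as pseudonymisation.

```python
"""Keyed pseudonymisation of direct identifiers (added example).

Assumes a controller that keeps the HMAC key and the re-identification
table separately from the pseudonymised dataset. Sample records are
constructed and describe no real person.
"""
import hashlib
import hmac
import secrets
from typing import Optional

# Fields treated as direct identifiers; everything else is left as-is here.
DIRECT_IDENTIFIERS = ("name", "email", "credit_card")

# Constructed sample records: rows 0 and 2 describe the same person.
SAMPLE_RECORDS = [
    {"name": "Alice Example", "email": "alice@example.eu",
     "credit_card": "4111111111111111", "country": "DE", "plan": "pro"},
    {"name": "Bob Example", "email": "bob@example.eu",
     "credit_card": "5555555555554444", "country": "FR", "plan": "free"},
    {"name": "Alice Example", "email": "alice@example.eu",
     "credit_card": "4111111111111111", "country": "DE", "plan": "pro"},
]


def new_key() -> bytes:
    """Fresh 256-bit HMAC key. In production it lives in a KMS/HSM, not beside the data."""
    return secrets.token_bytes(32)


def token(key: bytes, field: str, value: str) -> str:
    """Deterministic keyed token for one identifier value.

    HMAC-SHA256 rather than a plain hash: the same value always maps to the
    same token (records stay joinable), but computing a token for a guessed
    value requires the key. The field name is mixed in so that the same
    string appearing as a name and as an email yields different tokens.
    """
    msg = field.encode("utf-8") + b"\x00" + value.encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def pseudonymise(key: bytes, record: dict) -> dict:
    """Return a copy of the record with direct identifiers replaced by tokens."""
    return {f: token(key, f, v) if f in DIRECT_IDENTIFIERS else v
            for f, v in record.items()}


def build_reidentification_table(key: bytes, records: list) -> dict:
    """Map token -> original value; held by the controller apart from the dataset."""
    table = {}
    for rec in records:
        for f in DIRECT_IDENTIFIERS:
            table[token(key, f, rec[f])] = rec[f]
    return table


def plain_sha256(value: str) -> str:
    """Unkeyed hash of an identifier, which many 'anonymised' exports actually use."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def reverse_by_dictionary(target: str, candidates: list) -> Optional[str]:
    """Attacker's view: hash each guessable candidate and compare with the target.

    Succeeds against plain_sha256 output, fails against HMAC tokens without the key.
    """
    for cand in candidates:
        if hmac.compare_digest(plain_sha256(cand), target):
            return cand
    return None


if __name__ == "__main__":
    key = new_key()
    dataset = [pseudonymise(key, r) for r in SAMPLE_RECORDS]
    for row in dataset:
        print(row["email"][:16] + "...", row["country"], row["plan"])
    table = build_reidentification_table(key, SAMPLE_RECORDS)
    print("controller re-identifies row 0 as:", table[dataset[0]["email"]])
    guesses = [r["email"] for r in SAMPLE_RECORDS]
    print("plain hash reversed:", reverse_by_dictionary(plain_sha256("bob@example.eu"), guesses))
    print("HMAC token reversed:", reverse_by_dictionary(dataset[1]["email"], guesses))
```

Two design points matter in practice: the key must never be stored with the pseudonymised data (otherwise the dataset is personal data again, and a leak of both is a reportable breach of identifiable data), and rotating the key breaks joins across datasets tokenised under the old key, so the rotation plan has to be decided before the first export.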

Why GDPR ?

Today we live in a digital society. Social networking sites, financial institutions such as banks, retailers, governments and almost every other service revolve around our personal data: name, address, credit card number and more are collected, analysed and, perhaps most importantly, stored by organisations.

Data breaches inevitably happen. Information gets lost, stolen or otherwise released into the hands of people who were never intended to see it.
Under the terms of GDPR, not only will organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation, and to respect the rights of data subjects, or face penalties for not doing so.

The European Union has taken this step to make Europe 'fit for the digital age' and to gain users' trust in adopting digital technologies.

How does it impact non-EU business organisations globally?

So the very first question that comes to mind is: is it applicable to business organisations outside the European Union, for example in India?
The answer is yes, and here is how.

As set out in the territorial scope of the GDPR (Article 3), the regulation applies if:

  1. The data controller (an organisation that decides why and how personal data is processed) is established in the EU, or
  2. The processor (an organisation that processes data on behalf of a controller, such as a cloud service provider) is established in the EU, regardless of where the processing itself takes place, or
  3. A controller or processor outside the EU offers goods or services (paid or free) to individuals who are in the EU, or
  4. A controller or processor outside the EU monitors the behaviour of individuals in the EU, for example by tracking them online.
Hence, although the GDPR is EU law, its scope is not limited to the physical boundary of the EU: it applies to any organisation worldwide that processes the personal data of people in the EU. Note that the test is where the individuals are, not their nationality: an EU citizen living permanently in India is not covered merely by being a citizen, while a non-EU national living in the EU is.
GDPR may therefore apply to educational organisations as well as business organisations in non-EU countries, including India, where they enrol students or employ staff from the EU, or monitor people located there.

Here is my analysis about the Short term and Long term impact of GDPR globally


GDPR has created general awareness among people worldwide about data privacy protection. Recent news about the Cambridge Analytica scandal and the Facebook data leak are incidents that show the need for such a law for every user, irrespective of country or region.

Impact on Business Organisations:


  1. GDPR may be used as a blueprint by other countries when framing their own privacy protection laws, with major or minor changes.
  2. Businesses across the globe may try to become GDPR compliant even when they are outside the EU, to boost users' confidence in storing their data with them.
  3. The tele-calling, email marketing and SMS marketing industries, which rely on contact lists often gathered without clear consent, may face a downturn, whereas platforms such as Google AdWords, Facebook Ads and Twitter Ads, where the platform rather than the advertiser holds the user data, may gain a significant boost.
  4. Most of the IT industry will be affected by GDPR and will work to make its products and services GDPR compliant.
  5. If other countries fail to draft and implement similar laws for a long time, business organisations in EU countries may gain an edge in customer trust globally in terms of maintaining the highest level of data privacy and security, and hence a business advantage over others.

Impact on Individual Users and Clients:

  1. Even clients outside the EU will start asking their IT vendors whether they are GDPR compliant and how the privacy of their data is protected.
  2. Users and customers will now get IT systems that are more secure and robust in terms of data security and privacy.
  3. Users in non-EU countries may demand laws similar to GDPR from their policy makers.

Conclusion:

Cloud computing and the digital revolution are a natural evolution that has connected users across the globe into a single network to communicate, share and exchange ideas on various topics. To provide a healthy digital ecosystem, where users can share their data with confidence, GDPR and laws like it will play a very important role. One reason for the poor adoption of IT and cloud-based solutions in India is the lack of such a strong policy, which leaves users and customers unsure about storing their data in the cloud.



REFERENCES:

  1. GDPR full text, https://gdpr-info.eu/
  2. Wikipedia, General Data Protection Regulation, https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
  3. ZDNet, GDPR: An executive guide to what you need to know, https://www.zdnet.com/article/gdpr-an-executive-guide-to-what-you-need-to-know/







