The General Data Protection Regulation (GDPR) is the regulation formulated by the European Union (EU) for the protection of the data of individuals. It provides protection to the exporters of data outside the EU. India adopted the GDPR in April 2016 and it will be enforceable by 25 May 2018. This means that everyone falling under the ambit of the GDPR has to carry out GDPR compliance in India and get a GDPR certification by 25 May 2018.
Update your data protection policy and become GDPR compliant by getting in touch with cyber crime lawyers.
The EU has amended its existing data protection laws by including the General Data Protection Regulation in them. Under this amendment, the GDPR comes into force on 25 May 2018. The objective of the GDPR is to protect the data of individuals by recognising their rights and freedoms relating to data processing. As per the GDPR overview 2018, the scope of the GDPR has been extended to companies which process the data of residents of the EU.
Companies have increasingly used consumer data for marketing purposes, and earlier there was no law to stop them from doing so. The GDPR provides for more stringent compliance policies, and in case of failure to comply with the regulations, GDPR fines and penalties will be levied.
GDPR protects personal data from being misused. To understand the procedure and compliance of GDPR, it is necessary to understand what comes under the definition of personal data.
As per the GDPR ICO blog, personal data is defined as any information about an identifiable person who can be identified directly or indirectly through such information. Simply put, any information which clearly relates to a person is personal data. There is no definite definition of personal data under GDPR data protection, which leaves scope for a broad interpretation of the term.
Article 4(1) of GDPR defines personal data as follows: “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
GDPR applies to personal data as well as sensitive personal data.
The GDPR ICO notification defines sensitive personal data as data which is immensely personal to a natural person and is very sensitive in nature. Thus, sensitive personal data as defined under the GDPR is data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.
GDPR applies to data controllers and data processors. The definition of a GDPR data controller provides that a controller is a person who looks after, controls and determines the means and purpose of the processing of personal data. A GDPR data processor, on the other hand, processes data and is responsible for that processing on behalf of the GDPR data controller. Comparing the GDPR data controller with the data processor, the data controller is a person or agency appointed for controlling the implementation of the GDPR data protection compliances and policies, whereas a data processor is one who processes the data on behalf of the data controller.
The responsibility of the GDPR data processor is given under Article 28. According to Article 28 of the EU GDPR, “Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.”
The regulations on general data protection provide certain obligations of the GDPR data controller, which are as follows:
GDPR talks about the protection of data, but what kind of data is actually protected under the General Data Protection Regulation? The data protected under the GDPR is data which is identifiable with a natural person. Thus, the following data is protected by way of GDPR -
Indian companies might be wondering why they have to comply with the GDPR and why they need to obtain the GDPR compliance certification. The answer is very simple: the GDPR provides that a company which stores, uses, controls or processes the information of EU citizens has to comply with the GDPR even if it does not have a physical business presence in European nations. If a company fulfils the following requirements, it has to be GDPR compliant:
Get your GDPR compliance done on priority by the Best Cyber Crime Lawyers, as the deadline for mandatory GDPR compliance, 25 May 2018, is approaching.
What are the laws on data protection?
Data protection laws are the set of regulations, policies and provisions which deal with the protection of personal data when privacy is invaded because of the control, use, storage or dissemination of personal data. With the Indian Constitution recently recognising the Right to Privacy as part and parcel of the Fundamental Rights, GDPR compliance has become mandatory for companies dealing in the data of the EU and residents of the EU. In India there is no specific law for data protection, though provisions of the Information Technology Act, 2000 deal with it, and the Act also provides for civil and criminal punishments for misusing personal and sensitive personal data or wrongfully disclosing personal data. Section 72 of the Information Technology Act provides for the punishment for violating the laws on data protection. The section states that anyone who is found violating the provisions related to data protection shall be punishable with imprisonment of up to two years, or a fine which may extend up to Rs. 1,00,000, or both. With the focus on protecting privacy, the EU GDPR certification has to be obtained, and the last date to comply with GDPR is 25 May 2018. To be GDPR compliant, follow the GDPR compliance checklist given below -
A data breach, or breach of data protection, simply means that personal or sensitive personal information has been accessed by or disclosed to a third party who is not authorised to receive such information. The information which has been disclosed is information that otherwise has to be protected. Data breaches, generally and under GDPR, involve information such as personal health, intellectual property, trade secrets, etc.
GDPR ICO prescribes two types of breaches: Personal Data Breach and Security Data Breach. Any kind of data breach should be reported to the supervisory authority within 72 hours, and the GDPR data subject rights policy also states that the data subjects should be informed about data breaches without any unreasonable delay.
GDPR Fines and Penalties
The GDPR ICO privacy notice levies the following GDPR fines and penalties in case of a GDPR data breach -
Administrative fines - The GDPR imposes stiff fines on data controllers and processors for non-compliance.
Determination of fines - Each state supervisory authority can administer the fines for a GDPR breach. The following 10 criteria are to be used to determine the amount of the fine on a non-compliant organisation:
Amount - For a breach of the GDPR, the fine imposed on the company violating and not complying with the GDPR should be at the highest end. The penalty should be imposed for the biggest breach and not for each separate provision. However, the above may not offer much relief considering the amount of fines possible:
Lower level - Up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of:
Upper level - Up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher, shall be issued for infringements of: