The European Union’s (EU) General Data Protection Regulation (GDPR), which takes effect from 25 May, envisages strict rules for handling personal data of users and specifies new protocols for handling and storing private data, and sharing it with third parties. The new privacy law (GDPR) seeks to harmonise the scattered data protection laws in the EU and envisages stringent penalties under it. It replaces the existing EC Data Protection Directive (95/46/EC). GDPR seeks to enhance the data privacy rights of users and imposes certain new responsibilities upon data controllers and processors. The new law endeavours to create a model for a data protection and privacy framework that will be able to keep pace with rapid advancements in technology. Most importantly, GDPR attempts to give back to individuals control over their personal data, while recognising the protection of one’s personal data as a fundamental right.
Background: In January 2012, the European Commission set out plans for data protection reform across the European Union in order to make Europe 'fit for the digital age'. Almost four years later, agreement was reached on what that involved and how it will be enforced. One of the key components of the reforms is the introduction of the General Data Protection Regulation (GDPR). This new EU framework applies to organisations in all member-states and has implications for businesses and individuals across Europe, and beyond.
Highlights:
New definition of personal data: Under the GDPR, personal data is anything that relates to an identified or identifiable individual. For example: name, address, email address, location data or computer IP address. Sensitive data, such as religious beliefs, racial or ethnic origin, sexual orientation or trade union membership, are subject to extra protections.
Higher penalties: The GDPR foresees fines of 2 to 4 per cent of a company’s annual revenues or 20 million euros ($24 million), whichever is higher.
Stricter rules on consent: Companies will need to get freely given, specific, unambiguous and informed consent from individuals to process their data. They will also need users to opt in to the processing of their data - simply giving them an opt out will not be valid. In other words, companies will no longer be able to ask consumers to tick a box after a long set of terms and conditions that most people never read.
Global scope: The GDPR will apply to any company that has customers in the EU, whether the firm was established in the bloc or not.
New rules for data processors: The GDPR distinguishes between data “controllers” and data “processors”. A data controller determines why personal data must be collected and processed as well as how. A data processor only processes personal data on behalf of the controller and is usually a third-party company. For example: A retailer that hires a human resources company to handle payroll and other functions is the data controller, while the human resources company is the data processor. Under GDPR, data processors must guarantee the same standards as controllers and ensure they meet the requirements of the law. There must be a legal contract between a processor and a controller, and a processor may not engage another company to process data without the controller’s consent.
Data breach notifications: Companies must notify data protection authorities of data breaches within 72 hours of becoming aware of them, if the breach is likely to impact the rights of individuals. If the breach carries a high risk for individuals, then the company must notify the affected people without undue delay.
One-stop shop: The GDPR introduces a “one-stop shop” mechanism to make it easier for companies operating across the EU, for example Facebook, Google and Mastercard. Companies processing data across the bloc will have a lead authority in the country where they have their main establishment, for example Facebook in Ireland. The lead authority will be the main point of contact for the company and responsible for ensuring its compliance with GDPR. In cases involving citizens from several countries, the lead authority will coordinate with other “concerned” authorities. If there are disputes between authorities, a new body, the European Data Protection Board (EDPB), can make binding decisions.
Stronger rights for Europeans: People living in the European Union will get the right to:
• Receive clear and understandable information about who is processing their data and why
• Access data an organisation holds about them
• Ask for personal data to be erased if there is no longer any legitimate reason to keep it
• Have data corrected if it is incorrect
• Move data from one service provider, such as an email service or social network, to another
Brexit impact on GDPR: The UK is set to leave the EU on 29 March 2019, a little over ten months after GDPR comes into force. The UK government has said this won't impact on GDPR being enforced in the country, and that GDPR will work for the benefit of the UK despite the country ceasing to be an EU member. So Brexit is unlikely to have any impact on an organisation's GDPR compliance requirements.
Impact on Indian firms: GDPR will replace the 1995 Data Protection Directive and is aimed at protecting the personal data of EU citizens in the new digital world. The regulation covers all the EU member states and citizens, so all global enterprises with operations or customers in the EU must comply. Europe is a significant market for the ITeS, BPO and pharma sectors in India. The size of the IT industry in the top two EU member states (Germany and France) is estimated to be around $155–220 billion. Indian companies are likely to face increased compliance costs on the back of GDPR or risk huge penalties if they fail to comply. But they could see it as a business opportunity. Moreover, following the Supreme Court’s verdict, a data protection framework has been proposed by the Srikrishna Committee in India.
By: Dr. Vivek Rana