General Data Protection Regulation (GDPR) Compliance: Principles

The GDPR is the European Union's new privacy law. It is the regulation on data
protection and privacy in the European Union and the European Economic Area.
GDPR compliance aims to create more consistent protection of consumer and
personal data across European Union nations. It requires organizations to
significantly overhaul and rewrite their privacy policies, their contractual
arrangements with data subjects, and their internal protection protocols and
systems in order to become compliant. Processing of personal data must be
undertaken in accordance with the following:

- General principles: processing should be done lawfully, the personal data
  collected should be specified, and personal data should be kept in a form
  which permits identification of data subjects for no longer than is necessary.
- Condition of consent: where processing is based on consent, the consent
  obtained should be specific, informed and unambiguous.
- Information to be provided to the data subject: at the time of obtaining the
  personal data, the controller is to provide the data subject with all
  prescribed information, such as the identity and contact details of the
  controller.
- Rights of data subjects: right of access, right to rectification, right to
  erasure, right to restriction of processing, and right to data portability.
- Responsibilities of the controller and processor: the controller should
  implement appropriate technical and organizational measures and, where
  processing is carried out on behalf of a controller, a record of processing
  activities under its responsibility should be maintained with the prescribed
  information.
- Actions to be taken upon a personal data breach: in case of a personal data
  breach, the controller must, without delay (where feasible, not later than
  72 hours after having become aware of it), notify the breach to the
  supervisory authority in terms of the GDPR. The GDPR also provides for
  carrying out a data protection impact assessment in certain cases.

Compliance with the GDPR is particularly important given the heavy penalties
associated with GDPR non-compliance. Failure to comply with the GDPR
requirements can attract administrative fines of up to EUR 10,00,000 or
20,000,000 or, in the case of an undertaking, up to 2% or 4% of total worldwide
annual turnover of the preceding financial year, whichever is higher, depending
on the provisions breached. Also, for Indian companies, their EU counterparts
are likely to insist on compliance with the GDPR as part of standard
contractual clauses.

