- October 26, 2017
- Posted by: Raghu
- Category: Blog
When I hear about GDPR on the news and the tension it has created, the only thing that comes to mind is that this has happened before. This is not the first time a regulation has created a stress-filled environment. You might recall that, some ten years ago, a similar panic followed when SOX (the Sarbanes-Oxley Act of 2002) came into effect. Now, the only difference is that we are more prepared.
What is GDPR?
GDPR (General Data Protection Regulation) aims to protect how personal data is stored, processed, and destroyed (when it’s not in use anymore). Here, EU individuals gain control over the way their personal data is being used by any organization.
The current EU Data Protection Directive will be replaced by GDPR from May 2018. The major difference that GDPR brings when compared to the current framework is that it is a regulation. A directive does not legally bind, it only recommends; a regulation is a legally binding law.
GDPR and SOX
The biggest connection between SOX and GDPR is that both frameworks are restricted to a specific region. But this does not really reduce the panic that has spread globally, because so many organizations operate in the EU. All these organizations will be directly or indirectly affected.
SOX posed a great challenge for everyone. Is GDPR going to be equally tough? No. Since SOX, technology has taken an altogether new turn. With this massive technological development, the transition will be rather easy and smooth. The good thing is that GDPR functions in the same way. You just need to maintain documentation to prove that everything is compliant and correctly placed in the system.
How can GDPR affect Indian organizations?
Many Indian organizations are worried about the impact of GDPR. Staying compliant and protecting personal data is a real task. It is quite evident that no Indian organization will be able to do business with the EU if it does not follow GDPR terms. Moreover, it is a necessity for organizations operating in multiple locations and doing business with EU firms to maintain GDPR compliance.
The GDPR framework will apply to most businesses, as these organizations work with European companies or handle personal data of EU citizens. Irrespective of the industry, many companies will get involved, and there’s no option other than GDPR compliance by 25th May 2018.
India is already missing from the list of countries approved for data portability and transfer, so GDPR will be an extra challenge. It therefore becomes important for Indian organizations to plan and get ready for:
- GDPR compliance activities and measures
- Tight security across all data storage systems
- Procurement of cyber insurance cover
- Analyzing risks and data breaches in the system
- Examining who can access the user data
- Establishing and creating personal data inventory
- Getting prepared for penalties if the worst happens
There’s a lot to be done within just a few months. It’s time to stop reminiscing about the effects and start working on what can be done. And if you still face some problems, don’t worry, reach out to our team at ToggleNow. We can help you stay compliant with GDPR terms.