
The General Data Protection Regulation (GDPR) is the new set of rules brought in by the European Union, empowering its citizens to have control over their personal data. The GDPR is being hailed as the biggest overhaul of data privacy laws in over 20 years. The law, which came into force on May 25, gave EU citizens new rights over how their personal data are used. GDPR provides a completely new definition of personal data. As per GDPR, personal data is anything that relates to an identified or identifiable individual. This may include somebody’s name, address, email address, location data or computer IP address. Sensitive data, such as religious beliefs, racial or ethnic origin, sexual orientation or trade union membership, is subject to extra protections.

The law gives Europeans stronger control over information about them. Citizens of the EU now have the right to receive clear and understandable information about who is processing their data and why, to access data an organization holds about them, to ask for personal data to be erased, to have data corrected if it is incorrect, and to move data from one service provider, such as an email service or social network, to another.

How will GDPR affect Indian companies?

The law affects a number of companies, including those doing business with the EU from India. These companies will now face new rules on how they handle people’s data and stiff penalties for breaching the law. In case of a breach, GDPR foresees fines of 2 to 4 percent of a company’s annual revenues or 20 million euros ($24 million), whichever is higher.

The GDPR also applies to an Indian entity if it monitors the behavior of individuals in the EU. According to the European Commission, the law applies to a company or entity which processes personal data as part of the activities of one of its branches established in the EU. The rule applies regardless of where the data is processed.

The GDPR also applies to a company established outside the EU offering goods/services which monitors the behavior of individuals in the EU. It does not matter whether the company provides its services for payment or for free.

Speaking to IANS, Supratim Chakraborty, Associate Partner at the law firm Khaitan & Co, said that GDPR has a very wide scope and it does not matter whether you are in the EU or outside.

“If you are providing goods and services through the data subjects in the EU, you will be covered under the ambit. For example, the outsourcing services will be covered under GDPR. Moreover, establishments which are engaged in tracking data subjects of the EU through apps or any other tools will be liable to comply with the new regulations,” Chakraborty was quoted as saying by IANS.