The European Union has introduced the GDPR to protect the fundamental right to privacy of every EU citizen. In simple words, the data subject (EU citizen) will be made aware of the 5 ‘W’s (When, Where, What, Who, Why) and also the ‘H’ for ‘How’ their personal data is being used, processed, stored and disposed of.
GDPR extends beyond the EU, meaning that any collection or usage of an EU citizen’s personal data handled outside of the union by any entity has to adhere to GDPR. GDPR has been in effect since 25th May 2018, and hence any organisation that works with EU citizens’ personal data in any manner, irrespective of location, is under the obligation to protect that personal data.
So that brings us to the two basic words that cover the whole of GDPR:
The ambit of ‘personal data’ now extends to the physical, physiological, genetic, mental, economic, cultural or social identity of a person.
Besides confidentiality, the ambit of ‘Protection’ now extends to maintaining the privacy of personal data.
The regulation outlines the various principles based on which personal data can be collected, stored, used and retained. The application of these principles provides for many things in relation to upholding a citizen’s right to privacy.
Important Questions that GDPR requires us to ANSWER
An individual person who is the subject of personal data.
A natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purpose and means of the processing of personal data.
A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
A natural or legal person, public authority, agency or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Two or more controllers who jointly determine the purpose and means of processing.
An independent public authority which is established by a member state to monitor consistent application of the laws.
At CBL, we believe in having a holistic approach towards regulatory compliance.
Our approach is a 5-step readiness program to bring organisations up to speed with the regulatory requirements of GDPR:
Step 1: Provide a GDPR awareness session
Step 2: Conduct a Data Inventory Audit
Step 3: Conduct a GDPR Assessment
Step 4: Provide GDPR Implementation Assistance
Step 5: Conduct a Data Protection Impact Assessment