New Delhi/London, May 25 (IANS) The long-awaited General Data Protection Regulation (GDPR) that gives citizens in the European Union (EU) more rights to control their privacy came into effect on Friday — a move that should inspire other countries, including India, to protect individuals’ digital rights.
While the EU regulations give individuals greater control over how their data is being collected, processed and used, violations of the norms can cost companies a fortune — either 20 million Euros or four per cent of annual turnover.
Any company in the world having operations in the European Union is liable to comply with the new regulation.
“The EU has been very proactive about protecting consumers’ rights. We would like to see more countries like China and India come forward and make strong laws like GDPR to secure individuals’ privacy,” Shane Wall, Chief Technology Officer at the global printing and PC major HP, told IANS.
In India, the Supreme Court in a landmark judgment last year declared privacy a fundamental right. This set the government in motion to take steps to bring a new data protection legislation for the country, the draft of which is expected in a few months.
According to the nation’s leading cyber law expert Pavan Duggal, India should not cut-paste any other country’s law as it has to deal with a different set of problems.
“India’s social realities are entirely different. The country has to deal with the huge issue of Aadhaar which is reeling under variety of cyber attacks because we have failed to apply cyber security as an integral part of the Aadhaar architecture,” Duggal told IANS.
According to him, India’s approach has to be based from its soil and the country must strive for data localisation.
At a time when several technology companies have come under the scanner for misuse of personal data of users, the new EU legislation, passed in April 2016, is seen as an attempt by the lawmakers to restrict the powers of the technology companies.
But the technology companies are not the only ones that deal with data. The regulations will impact all the sectors of the economy, including banking and finance that collect and use user data.
The reverberations of this ground-breaking legislation are set to be felt across the world as rampant data breaches and misuse of personal data for driving corporate profit become increasingly unacceptable.
The new regulations give the users of tech companies the right to see what information about them is being collected and also have it deleted if they wish so.
It also makes it mandatory for companies to tell all affected users about any data breach, and inform the overseeing authority within 72 hours, according to a BBC report.
Major technology companies have said that they are ready to comply with the GDPR rules.
According to Michelle Dennedy, Chief Privacy Officer, Cisco, the digital economy can only flourish when you connect people, process, data and things in an ethical, meaningful and secure way.
“That includes creating an environment in which everyone can easily do business and know their data is safeguarded,” Dennedy told IANS, adding that they are committed to help customers and partners by protecting and respecting personal data, no matter where it is from or where it flows.
Microsoft this week announced that it will extend the core rights guaranteed under the new regulations to all of its customers worldwide.
According to Rana Gupta, Vice President-APAC Sales, Identity and Data Protection at digital security firm Gemalto, “we will continue to see tightening of the regulatory environment with respect to data privacy and enforcement of penalties on firms as well as fiduciary officers in the wake of data breaches resulting out of inadequate protection measures.”
In order to be compliant, a business must begin introducing the correct security protocols in their journey to reaching GDPR compliance, including encryption, two-factor authentication and key management strategies to avoid severe legal, financial and reputational consequences, Gupta suggested.