Market Updates

General Data Protection Regulation (GDPR) Readiness

November, 2018

Non-compliance of General Data Protection Regulations (GDPR) can incur heavy penalties of up to €10 million or 2% of the company’s global annual turnover for violations listed in Article 83(4) of the GDPR act and up to €20 million or 4% of the company’s global annual turnover for breaches enumerated in Article 83(5) of the act. Thus, it is essential to evaluate the GDPR readiness of organizations especially operating within the EU region.

Moreover, on a global perspective protecting personal data of customers is increasingly becoming the top priority of regulatory bodies in the move towards digital ecosystem. Thus, the following critical steps highlights the obligations and responsibilities of organizations to be General Data Protection Regulation (GDPR) ready:

  • Resilient system design concurrent with robust Data Protection: This ensures personal data to be protected with strong industry security standards and best practices, both during transmission and storage. Moreover, transparency in a resilient system design inculcates best practices such as taking affirmative consent of customers for storage and subsequent usage guidelines being clearly articulated.

  • Data Governance: This requires identifying and mapping all personally identifiable information (PII) collected, and articulating the usage of the information, which includes guidelines for data access and secured flow of information. Consequently, this enable effective monitoring of imminent or potential risks from data forgery or loss during transmission or at storage locations and administers robust data security policies.

  • Policies: Constantly updating internal policies including privacy policies (e.g. clear guidelines for up-to-date Cookie policy) to be compliant with GDPR requirements; ensures user rights are secured and clearly articulated.

  • Process and Communication: This requires formal review of GDPR readiness and essentially take proactive measures that encompass setting up of proper communication channels and additional processes such as training exercises to handle all GDPR related inquiries and tasks both internally and externally.

– Shiladitya Chaterji,
Senior Analyst– ICT,
Infoholic Research