Edit

Main Menu

Dashboard
Post Article

Top Categories

Contact Us

Everything about General Data Protection Regulation (GDPR)

GENERAL DATA PROTECTION REGULATION

The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive 95/46/ec in Spring 2018 as the primary law regulating how companies protect EU citizens’ personal data. Companies that are already in compliance with the Directive must ensure that they are also compliant with the new requirements of the GDPR before it becomes effective on May 25, 2018. Companies that fail to achieve GDPR compliance before the deadline will be subject to stiff penalties and fines.

GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Some of the key privacy and data protection requirements of the GDPR include:

  • Requiring the consent of subjects for data processing
  • Anonymizing collected data to protect privacy
  • Providing data breach notifications
  • Safely handling the transfer of data across borders
  • Requiring certain companies to appoint a data protection officer to oversee GDPR compliance.

 

Who are subject to GDPR Compliance?

The purpose of the GDPR is to impose a uniform data security law on all EU members so that each member state no longer needs to write its own data protection laws and laws are consistent across the entire EU. In addition to EU members, it is important to note that any company that markets goods or services to EU residents, regardless of its location, is subject to the regulation. As a result, GDPR will have an impact on data protection requirements globally.

 

The General Data Protection Regulation establishes eight rights that apply to all users the organization is obligated to respect these rights or face severe penalties. The GDPR allows for steep penalties of up to €20 million or 4% of global annual turnover, whichever is higher, for non-compliance. These rights are as follow –

1. The right to access.

Individuals may request access to their personal data. They may also ask about how their data is used, processed, stored, or transferred to other organizations. You must provide an electronic copy of the personal data, free of charge if requested.

 

2. The right to be informed.

Individuals must be informed and give free consent (not implied) before gathering and processing their data.

 

3. The right to data portability.

Individuals may transfer their data from one service provider to another at any time. The transfer must happen in a commonly used and machine-readable format. 4. The right to be forgotten. If users are no longer customers or withdraw their consent to use their personal data, they have the right to have their data deleted.

Exemptions to comply with a data subject request under GDPR:

Data protection principles, data subject rights and controller obligation are not absolute. They can be limited, restricted or lightened by the way of union and the member state law. To be law full, however, the limitation must fulfil the requirements mentioned in Article 23 of EU GDPR are as follows –

Union or Member State law to which the data controller or processor is subject may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34, as well as Article 5 in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22 when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:

(a) For the protection of national security refer to both the internal and external security of Member States

(b) For the Defense related matter of Union or Member state.

(c) Public security covers the protection of human life, particularly incases of “natural or manmade disasters’’

(d) The prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

(e) Other important objectives of general public interest of the Union or a Member State, in particular an important economic or financial interest of the Union or a Member State, including monetary, budgetary and taxation matters, public health and social security.

(f) The protection of judicial independence and judicial proceedings.

(g) The prevention, investigation, detection and prosecution of breaches of ethics for regulated professions.

(h) A monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a) to (e) and (g).

(i) The protection of the data subject or the rights and freedoms of others.

(j) The enforcement of civil law claims.

GDPR Enforcement and Penalties for Non-Compliance

In comparison to the former Data Protection Directive, the GDPR has increased penalties for non-compliance. SAs have more authority than in the previous legislation because the GDPR sets a standard across the EU for all companies that handle EU citizens’ personal data. SAs hold investigative and corrective powers and may issue warnings for non-compliance, perform audits to ensure compliance, require companies to make specified improvements by prescribed deadlines, order data to be erased, and block companies from transferring data to other countries. Data controllers and processors are subject to the SAs’ powers and penalties.

The GDPR also allows SAs to issue larger fines than the Data Protection Directive; fines are determined based on the circumstances of each case and the SA may choose whether to impose their corrective powers with or without fines. For companies that fail to comply with certain GDPR requirements, fines may be up to 2% or 4% of total global annual turnover or €10m or €20m, whichever is greater.

Print Friendly, PDF & EmailPrint This Page
Post Views: 650

Don't forget to share this article :-

Latest Blogs

View All →

Our Services →

Company Registration

Private Limited Company is the most preferred business structure for Startups and small businesses in India. It is relatively easier to register a private limited company With MCA.

Startup Registration

Startup registration i.e. how to register, which type legal entity it should be etc. are the questions, which are commonly asked by the entrepreneurs who want to start their own business.

LLP Firm Registration

The word LLP holds immense significance in the corporate world. It refers to Limited Liability Partnership which differs from Private Limited Company and General Partnership

OPC Registration

As per the Companies Act, 2013, OPC is defined as a company having one person as its member meaning thereby OPC is effectively a company that has only one shareholder as its member.

GST Registration

Under the new GST regime, GST registration is mandatory for all enterprises involved in the supply of goods or services or both & the annual turnover exceeds Rs.10 lakhs a year.

ROC Annual FIling

Annual filing means submitting companies financial and non-financial information to Companies regulatory authority of the concerned state where the registered office of the company is situated.

Latest Posts →

Input Tax Credit (ITC) on CSR Activities under GST
Input Tax Credit (ITC) on CSR Activities...
INPUT TAX CREDIT ON CSR EXPENSES What is CSR? Section 135(5) of The Companies Act, 2013 requires every eligible company
Highlights of 48th GST Council Meeting
Highlights of 48th GST Council Meeting
HIGHLIGHTS OF THE 48TH GST COUNCIL The 48th GST Council meeting was held on 17th December 2022, Saturday, virtually from

Legal Suvidha has been a one-stop Compliance Provider for all start-ups and entrepreneurs.

 

Legal Suvidha Blog © 2022. All Rights Reserved.

Our Information

Important Links

Contact Us

Facebook Twitter Youtube Linkedin Instagram

Want to Mange Your Business in a better way?