GDPR AND ITS IMPLICATION ON INDIAN BUSINESS

GDPR AND ITS IMPLICATION ON INDIAN BUSINESS Finally, one of the most awaited regulations of EU came into process. To protect digital data privacy of any European subject it has been created, Rules have been re-written. On April 2016 GDPR was adopted by the European Commission and it had given a period of two years to all the digital data commercializing companies for preparation. It got enforced on 25^th May 2018. This new regulation for data protection has been updated in conjunction with the personal data rules. European Union adopted this new regulation to match the speed of the digital data sectors. General Data Protection Regulation (GDPR) is enforced and it replaced the old Data Protection Directives of 1995. According to the European Commission it is not only an important but a necessary move to update and amend the old digital data regulation. It will be better that we should call it an evolution rather than calling it a revolution, because this new regulation just got evolved from 1995 to 2018. In 1995 it was Data Protection Directives 95/EC/46, after that in 2012 the European Commission proposed a legal framework to deal with the new digital challenges and protection of personal data to the European Union member state. And then in April 2016 this proposal was accepted by the European Union state, thus on 25^th May 2018 GDPR got enforced all across 28 EU member state. Changes made in new data protection regulation Changes that have been made into new data protection regulation can have its impact on the business organization of other countries apart from the EU member states, although all the EU member states are having the liberty to frame their national law according to the GDPR by making the provision a bit flexible according to their requirements. In GDPR, the scope of territorial jurisdiction has been broadened; it means all the entities that target the European data subject will have to comply with the provisions of GDPR. And if not complied according to the regulations of GDPR then fine will be imposed which can be 2% - 4% of annual turnover of that Corporate body or 10-20 million EUR, whichever is higher. It is also provided that the controller and the processor should be able to demonstrate their compliance to the GDPR. This time the EU is more focused on the consent of the individuals which are subject to the EU. If any kind of breach happens then that should come into the notification of Data Protection Authorities (DPA) within 72 hours. The Data Protection Authorities will supervise the processing activity all around the EU. Apart from that Binding Corporate Rules (BCR) has been added as a tool for transferring the data outside the EU and EEA. All the above has been included in GDPR which consists of 99 Articles. GDPR’s Implication on Indian Companies This new law will have an impact on the control and management sector of the organizations which are involved in operational setup within the EU, organization whose third party is operating in the EU, and also in case if the company is targeting the customers of the EU. Through these ways even if any company, whose place of effective management is not in the EU will have to face the impact of this new law. Accordingly, if we talk about the Indian companies then mostly IT, LPO and BPO sectors will get impacted by this new law, because they deal majority of their work related with digitalized data. From now it is required to comply with rules of GDPR while processing of collecting digitalized data. And the point which is very important to understand is that GDPR is applied on every outsourcing company.