With GDPR now enforced and similar Indian data protection regulations on the way, CIOs need to make a tectonic shift in how they take care of their organizational data, adopting a culture of security and a proactive approach with a holistic design aimed at minimizing risk.
From a perspective of a business and its CIO, what exactly does GDPR compliance entail?
The General Data Protection Regulation (GDPR) is a revolutionary change as far as data protection is concerned. To my mind this is a de facto gold standard globally and is one of the most advanced and strictest data protection regulations. It has twofold objectives: one is accountability, where organizations are required to be more accountable by complying with GDPR, and the second is enforcement, ensuring that the member states rigorously enforce GDPR, since any non-compliance with GDPR will cost the business a penalty of up to €20 million or 4% of annual turnover. This is surely a heavy cost to pay, besides the impact on the stock value, loss of customer trust and erosion of brand value. Hence, the key focus of a CIO is to ensure compliance.
Now, to address what GDPR compliance entails: as per the European Union General Data Protection Regulation, GDPR is a regulation that applies to 'personal data', meaning any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier. This definition encompasses personal data including name, identification number, location data or online identifier, reflecting changes in technology and the way organizations collect information about people. GDPR not only applies to organizations located within the European Union but also to organizations outside the European Union that offer goods or services to, or monitor the behavior of, EU data subjects.
How is GDPR implemented and enforced? What are the facets of information exchange that fall under the GDPR umbrella?
Implementing GDPR requires a cultural change. It will require businesses to transform the GDPR legal requirements into compliant and sustainable organizational and operational behavior. The implementation should focus on the GDPR principles of lawfulness, accuracy, fairness and transparency, integrity and confidentiality, purpose limitation and storage limitation.