General Data Protection Regulation

General Data Protection Regulation

GENERAL DATA PROTECTION REGULATION

The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council in April 2016, will replace the Data Protection Directive 95/46/ec in Spring 2018 as the primary law regulating how companies protect EU citizens’ personal data.

Companies that are already in compliance with the Directive must ensure that they are also compliant with the new requirements of the GDPR before it becomes effective on May 25, 2018.

Companies that fail to achieve GDPR compliance before the deadline will be subject to stiff penalties and fines.

GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Some of the key privacy and data protection requirements of the GDPR include:

  • Requiring the consent of subjects for data processing
  • Anonymizing collected data to protect privacy
  • Providing data breach notifications
  • Safely handling the transfer of data across borders
  • Requiring certain companies to appoint a data protection officer to oversee GDPR compliance.

Who are subject to GDPR Compliance?

The purpose of the GDPR is to impose a uniform data security law on all EU members so that each member state no longer needs to write its own data protection laws and laws are consistent across the entire EU.

In addition to EU members, it is important to note that any company that markets goods or services to EU residents, regardless of its location, is subject to the regulation. As a result, GDPR will have an impact on data protection requirements globally.

The General Data Protection Regulation establishes eight rights that apply to all users the organization is obligated to respect these rights or face severe penalties.

The GDPR allows for steep penalties of up to €20 million or 4% of global annual turnover, whichever is higher, for non-compliance. These rights are as follow –

1. The right to access

Individuals may request access to their personal data. They may also ask about how their data is used, processed, stored, or transferred to other organizations. You must provide an electronic copy of the personal data, free of charge if requested.

2. The right to be informed

Individuals must be informed and give free consent (not implied) before gathering and processing their data.

3. The right to data portability.

Individuals may transfer their data from one service provider to another at any time. The transfer must happen in a commonly used and machine-readable format. 4. The right to be forgotten. If users are no longer customers or withdraw their consent to use their personal data, they have the right to have their data deleted.

Exemptions to comply with a data subject request under GDPR

Data protection principles, data subject rights and controller obligation are not absolute. They can be limited, restricted or lightened by the way of union and the member state law. To be law full, however, the limitation must fulfil the requirements mentioned in Article 23 of EU GDPR are as follows –

Union or Member State law to which the data controller or processor is subject may restrict by way of a legislative measure the scope of the obligations and rights provided for in Articles 12 to 22 and Article 34,

as well as Article 5 in so far as its provisions correspond to the rights and obligations provided for in Articles 12 to 22 when such a restriction respects the essence of the fundamental rights and freedoms and is a necessary and proportionate measure in a democratic society to safeguard:

(a) For the protection of national security refer to both the internal and external security of Member States

(b) For the Defense related matter of Union or Member state.

(c) Public security covers the protection of human life, particularly incases of “natural or manmade disasters’’

(d) The prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

(e) Other important objectives of general public interest of the Union or a Member State, in particular an important economic or financial interest of the Union or a Member State, including monetary, budgetary and taxation matters, public health and social security.

(f) The protection of judicial independence and judicial proceedings.

(g) The prevention, investigation, detection and prosecution of breaches of ethics for regulated professions.

(h) A monitoring, inspection or regulatory function connected, even occasionally, to the exercise of official authority in the cases referred to in points (a) to (e) and (g).

(i) The protection of the data subject or the rights and freedoms of others.

(j) The enforcement of civil law claims.

GDPR Enforcement and Penalties for Non-Compliance

In comparison to the former Data Protection Directive, the GDPR has increased penalties for non-compliance. SAs have more authority than in the previous legislation because the GDPR sets a standard across the EU for all companies that handle EU citizens’ personal data.

SAs hold investigative and corrective powers and may issue warnings for non-compliance, perform audits to ensure compliance, require companies to make specified improvements by prescribed deadlines, order data to be erased, and block companies from transferring data to other countries. Data controllers and processors are subject to the SAs’ powers and penalties.

The GDPR also allows SAs to issue larger fines than the Data Protection Directive; fines are determined based on the circumstances of each case and the SA may choose whether to impose their corrective powers with or without fines.

For companies that fail to comply with certain GDPR requirements, fines may be up to 2% or 4% of total global annual turnover or €10m or €20m, whichever is greater.

Don't forget to share this article :-

Stay Updated With Our Blogs!

Explore more of our blogs to have better clarity and understanding
of the latest corporate & business updates.

Logo Registration

Logo Registration: Protecting Your Visual Identity Introduction In today’s competitive business world, your logo is

Read More »

Why People Choose Our Services ?

Free Legal Advice

We provide free of cost consultation and legal advice to our clients.

Tech Driven Platform

All our services are online no need you to travel from your place to get our services.

Grow your business

Experts Team

We are a team of more than 15+ professionals with 11 years of experience.

Transparent pricing

There are no hidden & extra charges* other than the quote/invoice we provide.

100 % Client Satisfaction

We aim that all our customers are fully satisfied with our services.

On-Time Delivery

We value your time and we promise all our services are delivered on time.

Why Trust legal Suvidha?

People Who loved our services and what they feel.

In this Journey of the past 10+ years, we had gained the trust of many startups, businesses, and professionals in India and stand with a 4.9/5 rating in google reviews.We register business online and save time & paperwork.

Reno K Subramaniam
Reno K Subramaniam
22/03/2023
I have recently registered a Private Limited firm and was looking for a CA to take care of the filings, Startup India Certificate, and other formalities. I have received emails from legal Suvidha and a few others. I tried talking to them all. But, Mr. Mayank from Legal Suvidha was very impressive and was patient enough, prompt to answer all the queries. He has a very professional team and after the initial formalities, I started interacting with the team. It's not even 2 weeks but I really feel overwhelmed by their service and professionalism. I received my startup India certificate yesterday and my filings have been done promptly. The team at legal suvidha Ms. Nidhi, Ms. Priyanka, Ms. Koshika, and Ms. Saloni all show the same professionalism and are readily available to take care of the official filings and stuff. Overall a great experience till now and looking forward to a great journey!
pankaj tiwari
pankaj tiwari
22/03/2023
Legal suvidha is a team of genuine and experienced professionals who give you best services according to your profile
Raman Krishnan
Raman Krishnan
21/03/2023
Saloni from legalsuvidha has done a excellent job for filling and geting certificate of DPIIT. Thanks to legalsuvidha.
Prakaash Hari
Prakaash Hari
15/03/2023
Team Legal Suvidha offers a brilliant service. There communication is quite clear and they execute the job meticulously. We are a startup private limited company and their advice is so critical in making my decision. Well done team. Keep it up. Prakaash Hari, Director, ipixela.
Priyanka Rudra
Priyanka Rudra
02/03/2023
Dedicated team and fast response
Dr. Vishal Ghag
Dr. Vishal Ghag
21/02/2023
Been using their services since 3 years now and I am absolutely happy with Legal Suvidha. They have been supportive, understanding and highly skilled at helping me with my business needs.

Our Partnerships & Collaborations

Contact us and grow your business

Legal Suvidha App

Now all Professional Services in a Single Click !

Now get all the services required for your business in a single app.

Subscribe to our newsletter & grow your business

Subscribe To Our Newsletter .

Sign up to receive email updates on new product announcements, special promotions, sales & more.