E.U. Law on Data Protection
Personal data is data that relates to an identifiable living individual and includes names, email IDs, ID card numbers, physical and IP addresses.
The European Union General Data Protection Regulation (GDPR) brings most notable change in the data protection regime. The law, which comes into effect on May 25, has been designed to protect the personal data of E.U. residents.
- The GDPR reflects a paradigm shift in the understanding of the relationship individuals have with their personal data, granting the citizen substantial rights in his/her interaction with data controllers and data processors.
- A data controller will have to provide consent terms that are clearly distinguishable, i.e., consent cannot be buried in the fine print that is incomprehensible to the layperson.
- GDPR requires those collecting data to provide information on the ‘who’ and ‘how.’ Individuals will also have the right to have personal data deleted under certain conditions.
- The GDPR also makes reporting obligations and enforcement stronger: data breaches will normally have to be reported within 72 hours and failure to comply with the new laws could result in a fine up to 4% of global turnover or €20 million — the maximum amount of the fine.
- EU has recognised that the growth in the digital economy and rapid advances in technology meant individuals were sharing personal data, and companies and governments used this data on an “unprecedented scale.”
- Therefore, it sought to replace the existing data privacy directive, which enables and guides laws in each of the 28 EU member states, with a regulation (GDPR), a stronger instrument which harmonises data protection laws across the 28 countries.
Impact on India
- The GDPR has global implications as it also applies to those outside the E.U. who either monitors the behaviour of EU residents or sell goods and services to them. Consequently, the law is expected to have a significant impact on Indian IT firms and other service providers who trade with E.U.
- EU is India’s is the largest trading partner, with bilateral trade in services alone running upwards of €28 billion (Rs 2.2 lakh crore). Yet, only a third of Indian IT firms are making arrangements for the GDPR.
- 39% unaware of what it is even.
This would result in fines, loss of business and missed opportunities, as well as diplomatic wrangling in trade talks between India and the E.U. [The Hindu]