How the proposed European Union General Data Protection Regulation (EU GDPR) seeks to protect the privacy of individuals in Europe? Does it have any implications for business and laws in India also? Elucidate
The European Parliament adopted the new Rules on Data Protection in 2016. The new Regulation replaces the General Rules on Data Protection, 1995 and the 2008 framework decision on cross-border data processing in police and judicial cooperation within the EU. The proposed EUGDR takes effect from 2018. The proposed European Union General Data Protection Regulation (EU GDPR) seeks to protect the privacy of individuals in Europe in the following ways
- The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU
- The regulation, establishes a stronger regime for protection of personal data by giving more control to the users in the digital market.
- It also addresses the export of personal data outside the EU.
- It is necessary for all public authorities to appoint Data Protection Officers
core activities of the controller involve systematic monitoring of data subjects (customers) on a large scale or where the business entity conducts mass processing of special categories of personal data (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, etc.).
Implications on India:
The new EU General Data Protection Regulation (EU GDPR) requires that any businesses dealing with the European Union (EU) will need to comply with the new laws. So it would have some implications on India as the EU continues to be a significant market for the IT/BPO industry in India.
Although India has cautiously welcomed the GDPR, it fears that this regulation will negatively influence its businesses and policies. The regulation brings service providers directly under its purview. It is very detailed about their responsibilities, with rigid terms and harsh penalties. Adhering to the regulation leads to opportunity loss for the Indian IT/BPO industry as it further increases the threshold for data transfer outside EU. It could act as a non-tariff trade barrier, affecting outsourcing opportunities and information flow.