Are you ready to comply with GDPR?

GDPR compliance becomes mandatory by May 25th May 2018!

Clock is ticking! Be GDPR ready with Sumeru!

GDPR Readiness Assessment Quick Analysis Tool

How can Infosys help you to be GDPR - Ready?

Infosys has an end-to-end GDPR solution offering framework that spreads across four pillars in our ‘Infosys framework for GDPR’


Define & Design

Administer & Implement

Manage & Secure

What is GDPR?

The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII). It also extends the protection of personal data and data protection rights by giving control back to EU residents. The law which will become effective from May 2018 will replace erstwhile EU Data Protection Directive 1995.

How can Sumeru helps with GDPR?

  • Data protection impact assessment (DPIA)
  • GDPR compliance& Implementation
  • DPO (Data protection officer)as service
  • GDPR compliance assuarance
  • GDPR training
  • Cyber security services
  • Internal auditing

Why should your organisation be concerned about GDPR compliance?

  • Processing personal information of EU citizens - no matter where your company is in the world
  • GDPR guidelines state that an entity can face fines of up to 20 million Euros or 4% of their Global Annual Turnover whichever is greater.
  • Data protection officer’s appointment is mandatoryand responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements.
  • Less than one third (32.9%) of organizations tag sensitive data.”

Key Focus Areas To Be Considered in EU GDPR

data protection officer

Data Protection Officer

Every member state needs to have an appointed supervisory authority who will interact with DPO (Data protection officer) at Controller/Processor level

data protection officer

Extended territorial scope

Non-EU Organizations which process personal data of EU residents or provide services to EU residents will need to adhere to new regulation

data protection officer

Privacy impact assessment

Organization processing the data will be required to conduct privacy impact assessments

data protection officer

Notification of breach

Organizations need to report data breaches within 72 hours after breach

data protection officer

Consent and Profiling

Organization must inform data subjects of the existence and consequences of any profiling activities which they carry out and obtain explicit consent from data subjects

data protection officer

Erasure/Rectification of data

Data subjects have right to ask for rectification or right to be forgotten

data protection officer

Data Portability

Organizations should develop interoperable formats that enable data portability

data protection officer

Privacy by design

Data protection principles should be adopted into product/project design process



This tool provides a quick analysis of where organization stands w.r.t. GDPR compliance based on the responses provided to 20 questions.

You can get the assessment results instantly!

With the GDPR deadline approaching closer, emphasis is given on reducing the monetary risk by providing weightage to GDPR focus areas as per the penalties associated in case of non-compliance. A higher weightage is assigned to GDPR area leading to higher penalties and lower weightage to GDPR area leading to lower penalties

Fill the details below to take the Assessment

AutoFill your information


When will GDPR come into effect?

The General Data Protection Regulation will come into effect on 25th May, 2018. Any organisation which will not comply with the provision of this regulations will have to pay hefty fines.

We’re offering a free service — are we still obligated?

If you’re processing EU citizens’ personal data for purposes other than purely personal (or as a public authority), you’re required to comply.

We are B2B service company – Do we have to comply?

You’re still obligated to comply with the regulation. Depending on your business arrangement, you may be considered either a data controller directly, or a data processor, in which case you’re processing data on behalf of a controller. Responsibility for compliance is shared between both controllers and processors.

Further, if you’re processing EU citizens’ data on behalf of a controller, you’ll need to have specific contractual terms with any controller(s) laying out their expectations with regard to GDPR.

What is personal data?

‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

What’s Different from Previous Regulations?

This is a significant change from the previous law, which most courts generally agree only maintains jurisdiction over companies with an established business in a particular state. The law will impose significantly greater fines for data breaches (up to 4% of annual global revenue), require Privacy Impact Assessments (PIAs), privacy and security “by design,” inventories and data mapping of personal information across your business systems, and mandatory appointments of Data Protection Officers (DPOs). You also need to prove that your organization is doing all of these things. This is not a small undertaking – it will require a major shift for many companies, including those that already have a privacy program.

What is the difference between data processor or controller?

As per GDPR, data controller is different from data processor. A controller analyses the purposes and means of processing personal data. On the other hand a data processor is responsible for processing personal data on behalf of a controller.

If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.

However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.

How does complying with GDPR benefit your business?

They are a couple of benefits for organisations to comply with GDPR-

  1. It improves and strengthens cyber security- In this digital era companies cannot afford to take the risk of cyber security ignorance or afford to lose critical data.
  2. Leads to stronger collaboration across business units- GDPR-regulated data can flow throughout all aspects of an organization — from finance to marketing, customer success teams and beyond.
  3. Builds customer loyalty- When your organisation complies with GDPR you build more trusting relationships with your customers.

Rest we can talk about testimonials & our work that had been carried out in GDPR

GDPR –Fix it Fast!

It’s not too late to achieve compliance

Sumeru will help you to quickly implement the key requirements of GDPR that organisations should ideally have taken before the Regulation which are: