Infosys offers an end-to-end GDPR solution framework, the 'Infosys framework for GDPR', built on four pillars.
The General Data Protection Regulation (GDPR) harmonises data protection law across all 28 EU member states and imposes strict new rules on the controlling and processing of personal data (the regulation's own term, which is broader than "personally identifiable information" as commonly used). It also extends data protection rights by giving individuals in the EU control over their personal data. The regulation takes effect in May 2018 and replaces the EU Data Protection Directive of 1995.
Every member state must designate a supervisory authority, which interacts with the Data Protection Officer (DPO) appointed at controller or processor level.
Organisations outside the EU that offer goods or services to individuals in the EU, or monitor their behaviour, must comply with the regulation as well.
Organisations must carry out data protection impact assessments (DPIAs, often referred to as privacy impact assessments) where processing is likely to result in a high risk to individuals.
Controllers must notify the supervisory authority of a personal data breach within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals; processors must notify the controller without undue delay.
Organisations must inform data subjects of any profiling they carry out and of its consequences; decisions based solely on automated processing that have legal or similarly significant effects require the data subject's explicit consent or another basis permitted by the regulation.
Data subjects have the right to request rectification of their data and the right to erasure (the "right to be forgotten").
Organisations should provide personal data in structured, commonly used, machine-readable formats so that data subjects can exercise their right to data portability.
Data protection principles must be built into product and project design from the outset (data protection by design and by default).
This tool provides a quick analysis of where an organisation stands with respect to GDPR compliance, based on its responses to 20 questions.
You can get the assessment results instantly!
With the GDPR deadline approaching, the assessment emphasises monetary risk: each GDPR focus area is weighted according to the penalties that apply for non-compliance in that area. Areas that carry higher penalties receive a higher weighting, and areas that carry lower penalties receive a lower weighting.
The General Data Protection Regulation comes into effect on 25 May 2018. Any organisation that does not comply with its provisions faces substantial fines.
If you process the personal data of individuals in the EU for anything other than a purely personal or household activity, whether as a business or as a public authority, you are required to comply.
You are still obliged to comply with the regulation. Depending on your business arrangement, you may be a data controller in your own right, or a data processor, in which case you process data on behalf of a controller. Responsibility for compliance is shared between controllers and processors.
Further, if you process the personal data of individuals in the EU on behalf of a controller, you need a written contract with each controller setting out the controller's instructions and your respective obligations under the GDPR.
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
This is a significant change from the previous law, which most courts generally agreed gave jurisdiction only over companies with an established business in a particular state. The regulation imposes significantly greater fines for infringements (up to 4% of annual global turnover or EUR 20 million, whichever is higher), requires data protection impact assessments (DPIAs, also called Privacy Impact Assessments or PIAs) for high-risk processing, privacy and security "by design", inventories and data mapping of personal data across your business systems, and the appointment of a Data Protection Officer (DPO) for many organisations. You also need to be able to demonstrate that your organisation is doing all of these things. This is not a small undertaking: it will require a major shift for many companies, including those that already have a privacy program.
Under the GDPR, a data controller is distinct from a data processor. A controller determines the purposes and means of processing personal data, whereas a processor processes personal data on behalf of a controller.
If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of your processing activities, and you have direct legal liability if you are responsible for a breach.
However, if you are a controller, you are not relieved of your obligations where a processor is involved: the GDPR places further obligations on you to ensure that your contracts with processors comply with the regulation.
There are a number of benefits for organisations that comply with the GDPR.