Latest posts by Aastha Tandon (see all)
- Perils of a Migrant Worker - October 24, 2018
- Can’t You Hear Me? - October 10, 2018
- GDPR: A Comprehensive Data Protection Regulation and its Impact on Individuals and Business Worldwide: Part IV Conclusion on GDPR - May 15, 2018
Part IV of the Series Article on GDPR discusses in general where India and the United States of America are placed in the data privacy sector and the legislative strength of the laws prevailing in these countries. It also elaborates on what could be the impact of GDPR.
Part IV Conclusion on GDPR
When the world is moving towards implementation of GDPR, India is still drafting its law on Protection of Data Privacy. However, it is pertinent to note that a lot of data processing activity is being outsourced to India from EU, thus these processors or controllers need to abide by the requirements of the GDPR.
In order to comply with GDPR requirements Indian outsourcing firms that monitor EU Citizen personal data and businesses that provide goods and/or services to EU Member States or to their citizens, would have to be cautious and implement necessary structural and technological changes. In a way, GDPR has come as a boon to the Indian Legislative body, which has a set model law through which Indian law may be drafted.
Similarly, in the United States of America (hereinafter referred as “USA”), data privacy laws are still at a nascent stage with each state working towards implementing data privacy laws or working on a draft data privacy law.
The EU-US Privacy Shield Principle[i] and the OECD Privacy Principles[ii] were being used to comply with the data privacy requirements by businesses involving intercontinental data transfer. From 25th May 2017, it will become mandatory for every business entity dealing with the processing of personal data of EU citizens to comply with the GDPR. Thus, the EU has become the torchbearer in improving the standard of data privacy of personal data.
It will be pertinent to watch how social media companies and internet search engine companies will implement GDPR, as the scale of operational changes required will be much higher than in any other industry. It can be hoped that all nations across the globe increase their personal data protection standard and more importantly, raise awareness, via training, seminars, education and creative media posts about Data Privacy.
GDPR is the first step towards an international level data protection initiative, which is in line with the pace of global technological growth. This regulation is a good initiative and will serve a tool to bring control over the personal information available online. Only on implementation will we learn of the difficulties, loopholes and challenges, till then all should gear up, be prepared for GDPR and work towards more robust regulations to safeguard people’s information and personal data.