Taming the Monster of GDPR

GDPR has come into effect since yesterday along with the UK Data Protection Act 2018. Together these legislation are completely changing the IT business landscape in India. Already an Austrian Data Privacy Activist Max Schrems has launched three complaints worth a total of Euro 3.9 billion against Facebook, WhatsApp and Instagram through regulators in Austria, …

Read More Taming the Monster of GDPR

UK DPA 2018 becomes effective from 25th May 2018

Racing against time with the implementation of GDPR, UK authorities have completed the formalities in introducing the new version of Data Protection legislation effective from 25th May 2018 co-terminus with the applicability of EU GDPR. This will continue even after BREXIT. UK-DPA 2018 should be considered as an extension of GDPR and entities to whom …

Read More UK DPA 2018 becomes effective from 25th May 2018

The Role of DPOs under GDPR and the need for Indian Association of Data Protection Professionals

GDPR which is coming into full force on 25th May 2018 is aimed at protecting the Privacy interests of EU citizens under the EU constitution. However, the EU Commission believes that it has a role in protecting the privacy of the global community and uses its commercial clout as a collective economic entity to project …

Read More The Role of DPOs under GDPR and the need for Indian Association of Data Protection Professionals

Data Processing Association of India is required in India to defend against GDPR

The earlier article on GDPR entry into India being like a Vasco Da Gama discovery of India, has attracted some interesting reactions from some industry professionals. While we may accept that the intention of GDPR is to protect the Privacy of natural persons and therefore there are “Data Subject’s Rights” including “Right to Erasure”, “Right …

Read More Data Processing Association of India is required in India to defend against GDPR

Is Business Contact Data considered as Personal Data under GDPR?

One of the questions that is bugging Companies engaged in some kind of marketing to corporate executives is whether a “Work E-Mail”or “Work Phone number” , which is the “Business Contact Information” (BCI) qualifies itself as “Personal Information” (PI) under GDPR. If BCI is PI then companies need to scrap any such information they might …

Read More Is Business Contact Data considered as Personal Data under GDPR?

Data Porting under GDPR is good in theory but challenging in practice

Data Portability is one of the contentious issues of the GDPR from the compliance angle. We had discussed the “Theory of Dynamic Personal Data” in one of our previous articles. That concept would be relevant to address the issue of Data Portability as envisaged in GDPR. Article 20 of GDPR states as follows: Article 20: …

Read More Data Porting under GDPR is good in theory but challenging in practice

Definition of “Undertaking” under GDPR needs to be Debated

GDPR is liked by some as a good law to protect privacy of individuals and is often looked upon as an “Emerging Standard”.  Many companies are working towards calling themselves “GDPR Compliant” since it makes a good marketing sense though GDPR does not apply to them. Even the Whitepaper on Data Protection Law which the …

Read More Definition of “Undertaking” under GDPR needs to be Debated