Month: April 2017

The globalization of Indian IT business has created many challenges to the Indian economy as a whole and in particular to certain domain specific regulators. One such regulator who finds himself frequently under a bind is RBI while regulating the Foreign Exchange transactions. Over the years the strict regulations under FEMA have been diluted and …

GDPR is an extension of the earlier Data Protection regulation present in EU and hence the Privacy Principles included in GDPR as a “Right of the Data Subject” are not unfamiliar to the data processing community in India. However, in view of the huge penalties envisaged under the regulation, it is necessary for data processors …

As we have seen earlier, GDPR provides for certain flexibility to allow transfer of data to countries which donot fall under the “Adequacy” provision through measures such as Appropriate Safeguards and contractual commitments. Additionally the Competent Supervisory authority of a Member Country can approve “Binding Corporate Rules” (BCR) as a mechanism to permit transfer of …

Under GDPR, there is a provision for the Union to declare a third country as a country to which transfer of personal data of EU citizens can be freely permitted without need for further formalities if the country has been assessed for adequate data protection regulations. As we have discussed in our previous article   despite …

One of the key concerns associated with EU data protection regulations is the possibility of a transfer of data from EU to India for processing being blocked by virtue of the legislation. This threat was present in the Data Protection days and will continue in the GDPR days. However, in order to understand the impact …

Privacy protection regime has been aggressively pursued by EU for a long time.  GDPR is an extension of this aggression where the penalties proposed are threatening. Hence though the principles of privacy protection envisaged under GDPR is commendable, there is discomfort on the attempt to impose extraordinary penalties. The global community is worried that the …

The first question that an Indian Company needs to satisfy for itself is whether it is at all exposed to the provisions of the dreaded GDPR and if so whether there is need to respond. It must be clarified that Indian Companies appreciate the principle of Privacy and the need to protect privacy in data …

Indian IT industry has a high stake in the outsourced business from US and EU, UK markets. A good part of this outsourced business involves processing of “Personal Data” of data subjects of the respective country. As regards US, India has many processors who process health data and are accustomed to complying with HIPAA and …