The key aspects for Indian organisations to be mindful of, to take stock of their GDPR readiness and to identify major gaps that need to be plugged, are:
Another thing that Indian organisations need to pay attention to here is identifying their role in the data hierarchy, and the corresponding responsibilities. The GDPR classifies data handlers under the following two categories:
Data processors must also sign confidentiality agreements with personnel who work with the personal data of EU citizens, and delete or return all personal data to the controller at the end of service. Ensuring the security, confidentiality, integrity, availability, access control, and resilience of the personal data handled also falls within the ambit of data processor responsibilities.
In addition to their individual responsibilities, controllers and processors share certain common responsibilities under the GDPR. They are required to maintain records of data processing, comply with the code of conduct or with an approved certification mechanism, and to implement appropriate technical and organisational measures to ensure security of personal data. Both controllers and processors are also required to undertake regular risk assessments, testing, and monitoring in order to identify existing or prospective vulnerabilities in their systems, as well as to review and upgrade the technical and procedural safeguards from time to time. Data handlers also need to implement SOPs for identifying potential data breaches.
Getting business operations compliant with the new data protection law requires a significant investment of time and the restructuring of existing processes and systems. This is where MDR service providers such as Paladion step into the picture. With a four-phase approach, Paladion can help businesses fast-track their compliance efforts, in addition to providing regular monitoring and maintenance for continued compliance.
The GDPR is a revolutionary step towards ensuring adequate security and protection for personal data, but meeting its compliance requirements will be difficult for organisations. With many organisations struggling to implement adequate measures, market studies estimate that the EU could end up collecting up to $6 billion in fines and penalties in the first year alone. With Paladion’s high-speed approach, Indian organisations can ensure that they are able to avoid the ignominy of making the non-compliance list by meeting each of the stringent requirements of the articles of the regulation.