Why Privacy will become even more important? In a world where more than half the population is online and everything is getting digitised as a matter of convenience and for that matter it is a way of life. Customers today uninhibitedly are sharing and receiving information while using the internet for entertainment, banking, healthcare, and utility purposes consequently continuously adding to a large pool of Data. In a quest to expand the market of products and services, many business entities are now implementing emerging technologies such as artificial intelligence (AI) and machine learning on this customer-generated data to procreate value and insights. As the magnitude of Data increases, there will be a requirement for more sophisticated IT systems to extract value while maintaining privacy. The General Data Protection Regulation paved its way in the wake of emerging Data priorities of organisations in light of safeguarding rights of customers by imbibing a sense of accountability in the way personal Data is shared and used by the organisations.
Emergence of GDPR : After a fair deliberation, on December 15th, 2015, following three years of drafting and negotiations, the European Parliament and Council of the European Union reached an informal agreement on the EU General Data Protection Regulation (GDPR). The objectives of GDPR are to reinforce Data Protection rights if Individuals, facilitate the free flow of personal data in the digital market and reduce the administrative burden. On April 14th, 2016, the Regulation and the Directive were adopted by the European Parliament with the provision of two year window for its implementation from the date of applicability of same. The General Data Protection Regulation supersedes in entirety the 1995 General Data Protection Directive w.e.f May 25th, 2018 and applies directly to each of the 28 EU Member States.
What is GDPR and to Whom it applies: GDPR is an omnibus regulation, by which the EU intends to strengthen and unify Data Protection within the European Union. It applies to any organisation regardless of geographic location that controls or processes the Data of an EU resident. The General Data Protection Regulation dictates what Data can be collected, the need for explicit consent to gather such Data, requirements to disclose any breaches of data, and stronger powers to substantially penalize organizations that fail to protect the Data for which they are responsible. GDPR is attracting significant attention as it introduces provisions for a number of new rights for Data subjects and several obligations which directly impact Data Controllers and Data Processors. Failing to do so will be severely dealt with steep penalties amounting to Twenty Million Euros or 4% of the annual Global revenues or whichever is higher.