GDPR Readiness Assessment

The European Parliament adopted the General Data Protection Regulation (GDPR) in April 2016 and enforced it since May 25, 2018. It seeks to protect the fundamental rights and freedoms of natural persons in the EU and in particular their right to the protection of personal data. However, GDPR has extra-territorial jurisdiction. This is because, any entity, irrespective of its location (whether in Europe or out of Europe) that controls or processes the personal data of a natural person in the EU is required to comply with GDPR.

Many Indian companies handle the EU data by virtue of businesses outsourced to them by EU businesses and hence, has become subject to compliance under GDPR. Besides, the Indian IT Act 2000 and its amendments (IT Amendment Act, 2008) and also the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 have introduced various provisions with respect to data protection and privacy applicable in the Indian context.

As such, data protection and privacy responsibilities have become default requirements on the part of Indian businesses irrespective of whether EU data is handled by them or not. Further, in the context of the evolving cyber security challenges and cybercrimes, assumption of the said responsibilities has become indispensable.

Confinav offers several services, as follows, towards ensuring data protection and privacy:

• Assessment of prevailing maturity level

• Gaps identified between the extant maturity level and the level of maturity required

• Preparation of Data Protection Impact Assessment (DPIA)

• Reporting on what needs to be done

• Post implementation test of design and operating effectiveness

• Gap analysis and recommendation of remedial measures

• Remediation Testing and report submission