GDPR Consultancy


The General Data Protection Regulation (GDPR) is the new regulation of the European Union (EU), which came into force on 25th May, 2018. Its purpose is to provide an enhanced level of data protection for individuals whose personal data is processed. Basically, this regulation protects the fundamental rights and freedoms of natural persons and their right to the protection of personal data.

GDPR contains a total of 99 Articles grouped into 11 chapters. This regulation applies to all organizations which
– collect,
– store, or
– otherwise process the personal data of individuals residing in the EU, even if they are not EU citizens, or
– do not have any establishment in the EU but offer goods or services to EU residents.
This regulation does not apply to
– processing covered by the Law Enforcement Directive,
– processing for national security purposes,
– processing carried out by an individual purely for personal household activities.

1.1 Seven GDPR Principles

GDPR defines seven processing principles that must be complied with:

  1. Lawfulness, Fairness and Transparency
  2. Purpose Limitation
  3. Data Minimization
  4. Accuracy
  5. Storage Limitation
  6. Integrity and Confidentiality
  7. Accountability

Data Controllers and Processors must comply with these seven principles for the data protection of natural persons, or data subjects. Failure to comply can lead to substantial fines of up to 20 million Euros or 4% of the organization's worldwide annual turnover, whichever is higher.

1.2 Rights of the Data Subjects

GDPR provides certain rights to data subjects to give individuals more control over their data and ensure informed processing of their personal data. The rights of data subjects are:

– Right to be informed,
– Right to access,
– Right to rectification,
– Right to restrict processing,
– Right to data portability,
– Right to object,
– Right in relation to automated decision making and profiling.

1.3 Categories of Data

In GDPR, data is categorized into two parts:

  1. Personal Data: Personal data means information relating to an identifiable living person who can be directly or indirectly identified using that data. It includes name, address, e-mail address, photo, IP address, location, online behavior, etc.
  2. Sensitive Personal Data: This includes race, religion, political opinions, sexual orientation, health information, biometric data, etc.

1.4 Strategy to strengthen data protection rules

GDPR is ideally looked upon as a strategy to strengthen data protection rules across the EU. The eight major points in the GDPR are:

  1. Transparency;
  2. Necessity;
  3. Proportionality;
  4. Consent;
  5. Control by data subjects;
  6. Privacy by design and by default;
  7. Accountability;
  8. Data breach notification

2. Benefits of GDPR

Compliance with GDPR has plenty of advantages for organizations, such as:

– Gain and improve customer confidence
– Provide better planned data security
– Better alignment with technology
– Enhance brand value
– Effective marketing

3. Why is GDPR compliance important for organizations?

Data is the new oil of the century, and the protection of data has become a huge concern for organizations, especially now that the GDPR puts more control and protection in the hands of customers. For organizations, implementing GDPR is not just a regulatory obligation but a means to achieve business and technology alignment, which aids better customer relationships, effective marketing, enhanced brand value, and so on.