TECH LAW ASSIGNMENT

GENERAL DATA PROTECTION REGULATION AND ITS COMPLIANCE

MECHANISMS

INTRODUCTION TO GDPR

Nearly every aspect of an individual’s life is now documented, tracked, or digitalised that includes the slightest of
details like purchases made or pulse counted. A large amount of personal information is collected, stored, or traded
by companies and governments. The new GDPR regulates items that may be used to identify individuals, such as
names, contact information, computer location, and personal data such as race and sexual orientation. GDPR is
being billed as the most significant overhaul of data protection laws in a generation, giving regular people greater
control over the information that businesses collect about them. The General Data Protection Regulation (GDPR) is
the world's most stringent privacy and security regulation. The regulation went into force on May 25 th,2018. GDPR
strengthens Europe's already stringent regulations on what organizations may do with people's personal data.  It
offers greater control over how personal data is gathered and used, as well as forcing businesses to justify their
actions. Organizations will have to establish that they have a legal purpose to keep that type of data going forward.
Even more crucial, they must demonstrate that they are keeping it safe. One of the main concerns of GDPR is
protection of personal data of natural persons.

IMPORTANT ASPECTS OF GDPR

One of the most important aspect of GDPR is that, even though it was written and enacted by the European Union
(EU), it has a significant impact on enterprises outside of the EU, including the United States. It affects each and
everybody that has a business with EU. Ultimate concern is the citizens of the EU and GDPR applies in all the 27
countries that come under the EU and to organizations based outside EU, that operate in the EU’s market. Millions
of individuals outside of Europe will be affected as well because any firm that sells products or services to EU
inhabitants, regardless of its location, is subject to the legislation. As a result, GDPR has the potential to affect data
protection standards throughout the world.

The second aspect is if the companies do not comply with the GDPR. The penalties for breaking the GDPR are quite
severe. There are two levels of fines, the highest of which is €20 million or 4% of worldwide turnover (whichever is
greater). Businesses may avoid hefty penalties while also increasing consumer data security and trust by adhering to
GDPR rules. Fines apply to both large and small-medium businesses: the European Data Protection Board revealed
in a preliminary report that the average GDPR fine has been about 66,000 euros, minus the 50-million-euro
punishment Google got from the French data protection agency. It’s not surprising that the businesses are nervous
about GDPR as the potential penalties for firms are massive. GDPR is applied when personal data is processed
within EU’s regulatory competence, within these 27 countries and their overseas territories put together and when it
doesn’t come under an exceptional situation (like right to privacy of another person).

BASIC PRINCIPLES AND PROVISIONS UNDER GDPR

There are 99 articles and 173 recitals under GDPR compliance. Some of the key requirements and provisions are as
follows:

Recordkeeping: Controllers and processors must retain written (or electronic) records of processing operations,
according to Article 30 of the GDPR.

Officers in charge of data protection: Organizations that monitor data subjects on a large scale on a regular and
systematic basis must designate a data protection officer to act as a connection with the supervisory authority,
monitor compliance with the GDPR, and inform and advise the business on their GDPR duties.

Legal basis and lawfulness of processing: Article 6 of the GDPR outlines six legal bases for controllers to process
data that includes the vital interest of the individuals as well as the public interest.

Right to be forgotten: As mentioned in Article 17, people can ask for their data to be erased. Personal data must also
be transferred using a standard file format. The right to be forgotten, however, is not absolute, and certain
requirements must be met.

Transparency and Communication: Article 12 of GDPR explains how data is processed in “a concise, transparent,
intelligible and easily accessible form, using clear and plain language”.

Article 2- Material scope: This Regulation applies to the processing of personal data that is done entirely or partially
by automated means, as well as the processing of personal data that is done otherwise than by automated means and
is part of or intended to be part of a filing system.

Article 3- Territorial scope: Regardless of whether the processing takes place in the Union or not, this Regulation
applies to the processing of personal data in the context of the activities of a controller or processor in the Union .
IMPACT AND OPINION OVER GDPR

The European Union published a report into one year of the implementation of GDPR and the report mentions that
majority of Member States have established the required legislative framework, and that the new mechanism for
enforcing data protection laws is taking shape. Most of the issues raised by Member States and others are expected
to gain from further experience with the Regulation's implementation in the coming years. In my opinion, GDPR
can be an opportunity for major corporations to re-establish trust with their consumers following data-misuse
controversies but as GDPR is a broad regulation and can contain loopholes, that might lead to large businesses
getting away and continuing to hoard personal data. In the last two years of implementation of GDPR, there are still
more than 27% companies are yet to begin the process of becoming GDPR compliant. Its difficult to analyse the
long-term impact but citizens are growing more aware of their rights, while businesses are establishing a compliance
culture. At the same time, worldwide convergence toward strong data protection standards is occurring. So we can
conclude that GDPR might create new challenges for business but it also creates big opportunities for businesses
and protects the rights of consumers.