Data Protection has been in the limelight, whether at Google, Facebook, Mastercard or many other such companies. All have played their part, but let us understand the laws in the AMEA region.
In our One-on-One Series, LawWiser brings you a conversation with Ojasvita Srivastava, General Counsel – Securitas Group AMEA.
In this video, you will understand the Data Protection Laws in the AMEA region. To get featured in more such conversations, write to us at [email protected]
What Is Data Protection Compliance?
Data Protection Compliance is the requirement to adhere to the laws governing data processing. Before GDPR, the EU was bound by the guidelines set out in Data Protection Directive 95/46/EC, which protected individuals' privacy with regard to the processing of their personal data and governed the free movement of such data.
Besides GDPR, other data protection laws are important for your business. You should develop a comprehensive data security policy to protect your customers’ personal information.
It should be transparent about the purpose of collecting and using the data. The GDPR is a complicated regulation, and your company will need a dedicated compliance officer to meet these requirements.
The GDPR also applies to third-party vendors. In case you are working with any external partner, make sure they have an adequate security policy in place.
How has the Data Protection Law in India evolved?
In India, the Information Technology Act 2000 governs data. The act covers all IT activities and is designed to ensure privacy. It also imposes obligations on entities handling sensitive personal data and provides compensation in cases of harm. It is one of the most comprehensive laws governing personal data.
GDPR paved the way for data protection. India's permission requirement for transferring data is similar to that of other countries, but not as strict as in Singapore, Hong Kong and others.
One of the most important elements of GDPR compliance is the principle of purpose limitation. This regulation binds companies to process personal data only for specified, legitimate purposes. It means that a company must make it clear to users why it is processing their information.
With the lockdown and pandemic, remote working has increased. Most organizations maintain data centers for each region.
The strictest compliance for the transfer of personal data requires either:-
1. Seeking the express permission of the individual/employee/client, or
2. Transferring the data to a jurisdiction whose law is similarly compliant to that of the home jurisdiction.
Compliance with GDPR in the Region (EU national’s data)
For EU nationals' data processed in another region, companies can comply with data protection requirements by obtaining express permission. Companies also need to comply with local data protection laws.
Despite the complexity of the new laws, companies need to comply with them. There are numerous regulations for data processing, which can help ensure that your business stays compliant with data protection laws. It also helps to have a designated DPO team responsible for data protection and compliance, and some jurisdictions require the appointment of a DPO.
Methods of Compliance Followed by Different Companies
It is a three-step process:-
1. Study the data protection laws of the country in which the company operates.
2. Study the laws of the jurisdiction where the data center is located.
3. Conduct a comprehensive review of the internal data protection process.
Penalties for non-compliance in India are not very strict compared to GDPR, which imposes high penalties for non-compliance.
While GDPR is not the only privacy law globally, it was the first and most comprehensive. It was designed to completely reflect the new digital age in how we manage our data. The GDPR requires that all companies follow strict data protection laws to avoid fines.
The GDPR is the most important legislation regulating data and preventing its misuse. If your business is not up to the task, consider hiring a professional to take care of your compliance needs.