What is
GDPR?

The General Data Protection Regulation, or GDPR, was adopted by the European Parliament in April 2016 and will come into force on 25th May 2018. GDPR aims to harmonise data protection law across member states. View More

The General Data Protection Regulation, or GDPR, was adopted by the European Parliament in April 2016 and will come into force on 25th May 2018. GDPR aims to harmonise data protection laws across the member states.

Equally importantly, the new regulation introduces several obligations for organizations that handle personal data such as stricter mechanisms for obtaining consents, timely notification of a breach to the impacted party, keeping the need for personal data to a minimum. Individuals who have provided their personal data will have several rights as per the new regulation such as- rights of access to and rectification of data, the right to object to specific types of processing, the right to restriction of processing, and the right to erasure of data, data portability, etc. These rules apply to both, the EU member states, and to organizations outside the Union when processing the data of citizens within it.

There are stiff penalties for non-compliance. Fines can go up to 4% of the annual turnover or 20 million Euros, whichever is higher. View Less

5 Challenges in Implementing GDPR

1. Identifying location of Personal Data within the organisation

The first step to compliance is knowing where all the Personal Data resides within the company. For example, data can reside in applications, in employee workstations, 3rd party applications, and archived databases, or with an outsourced service provider. Such an activity would have been a difficult challenge in a business-as-usual situation, and now with the fast approaching deadline, it can become a critical roadblock, unless planned and executed well.

2. Steps to follow to be GDPR compliant

Changes demanded by GDPR are not limited to IT. Companies need to look at all their policies, tools, systems, procedures, roles & responsibilities, data flow, etc. to find out all they need to do to be compliant. And GDPR requirements such as Privacy by Design and Privacy by Default may require fairly extensive changes to the enterprise architecture.

3. GDPR as a multi-disciplinary, cross organisation initiative

GDPR is a cross organisation initiative, and will touch multiple functions e.g., marketing, sales, operations, customer service, technology, 3rd parties with whom data is shared, legal, internal audit, and so on. As such getting all the functions to know what they need to do differently, equip them with the right tools and ensure they are working in a harmonious way to meet the needs, will be quite a lot of work in a very short time.

4. Tweaking current technology landscape insufficient

Meeting stringent requirements such as – notifying a breach within 72 hours, right-to-be-forgotten, audit and traceability of all the changes to personal data, etc., are complex asks. Companies are unlikely to meet them seamlessly, without making significant investments in new systems and processes, and more importantly, getting all this in one place, in the very short time remaining to be compliant.

5. Not a one-time compliance project

Systems will evolve, individuals will be more aware of their rights and exercise them, and regulators will become less tolerant to non-compliance. Companies will need to continue their investment in GDPR, and manage this as substantial legal obligations exactly as they meet other such regulatory requirements.

What makes our GDPR offering stand out?

  • Comprehensive end-to-end solution
  • Tool-intensive
  • Jukebox, comprising ready-to-use reference solutions for different GDPR needs
  • Industry-specific toolkit
  • Machine Learning-based implementation and sustenance solution

Insights

GDPR Assurance: More Than Testing For Compliance

GDPR Assurance: More Than Testing For Compliance

– Brijesh Prabhakar
Business Head – Assurance Services

Compliance no longer an After-Thought: What it takes to be GDPR-Ready?

Compliance no longer an After-Thought: What it takes to be GDPR-Ready?

– Soumendra Mohanty
EVP and Global Head – Cognitive & Analytics

Mind the Gap: GDPR Ahead

Mind the Gap: GDPR Ahead

– Rakesh Sancheti
Vice President and Business Head – Analytics, Europe and Nordic

Key GDPR Challenges -<br />Fix the House

Key GDPR Challenges -
Fix the House

– Manoj Shikarkhane
EVP and Global Head – Software Engineering Group

Cyber Security in General Data<br /> Protection Regulation (GDPR)

Cyber Security in General Data
Protection Regulation (GDPR)

– Pradeep Mahangare
Project Manager – Assurance Services

Time for a Reality Check: Are Your<br /> Systems Ready for GDPR Compliance?

Time for a Reality Check: Are Your
Systems Ready for GDPR Compliance?

– Sarbajit Deb
EVP & Chief Business Officer – Nordic Region

Assess your readiness in 4-6 weeks using LTI’s iDiscover tool

Assess your readiness in 4-6 weeks using LTI’s iDiscover tool

Request Complimentary Assessment