Your 10-minute guide to General Data Protection Regulation

Why was GDPR needed?
EU Data Protection Directive (Directive 95/46/EC) allowed individual member states to craft their own data protection laws, which led to a fragmented legal framework. Furthermore, no significant revisions to the Directive since its adoption meant the laws were misfit in today’s advanced and dynamic business landscape.

Fragmented Laws: Hinder free flow of personal data, causing EU firms annual administrative burden of close to 3 billion euros
Advancements In Technology: Such as location services, big data, cloud, social network, and search engines call for much more data to be regulated as personal
Increased Globalization: Led to tremendous inorganic growth (e.g. M&A, outsourcing) but little consideration was given to increased cross-border data movement
Inadequate Enforcement: Meant that even significant infringements still resulted in small fines and liabilities

What is GDPR?
Set to replace Directive 95/46/EC on 25th May 2018, GDPR is an EU-wide law that intends to harmonize and modernize the existing data protection rules, strengthen free flow of personal data and leverage individuals’ right to privacy, and promote opportunities presented by the Digital Single Market. GDPR:
Applies to all companies worldwide, processing personal data of EU citizens
Broadens definition of personal data to include online identifiers and address possibility of the subject being singled out
Mandates DPO appointment for large scale data processors
Enforces stringent rules for international data transfers
Imposes fines of up to 20 million Euros or 4% of world-wide annual turnover
Necessitates breach notification to Supervisory Authority within 72 hours and in some cases, to data subjects
Entails data protection impact assessments prior to any risky processing operation
Requires privacy by design (and by default) in products, processes and systems

Benefits to Individuals
Greater control over personal data, including its collection (stronger consent rules) and deletion (right to erasure)
Data portability makes it easier for individuals to change service providers
Privacy-friendly default settings

Benefits to Companies
Single law, not the 28 state-specific interpretations
Level playing field between domestic and foreign companies
Data portability allows start-ups access to corporate-dominated markets

GDPR timeline (how it happened)
1995: Directive 95/46/EC adopted by EU
2012: Draft of GDPR proposed
2015, Dec: Political consensus on final text
2016, Apr 27: GDPR became a law
2018, May 25: Compliance deadline for impacted companies

How to comply with GDPR?
9 steps to Compliance
1. Develop, employ or contract privacy experts
2. Appoint a Data Protection Officer
3. Understand data and data flows
4. Establish a process for data protection impact assessments
5. Update policies and procedures, develop KPIs
6. Implement controls and safeguards
7. Revisit vendor contracts and selection strategy
8. Monitor and oversee compliance
9. Promote trainings and increase awareness

Get started today
Contact:
Mohit Manchanda (Global Head, Insurance Consulting) +44.7958.400.440
Prakhar Agrawal (Certified GDPR Practitioner) +44.7443.778.776
Wayne Reed (Vice President, Insurance) +44.7801.684.041
EXLservice.com
© 2017 ExlService Holdings, Inc. All Rights Reserved.