European Union General Data
Protection Regulation (EU GDPR)
(May 2018 Implementation Date)
RAKESH CHANDRA
BUSINESS ANALYST
EU GDPR (General Data Protection
Regulation)
(Regulation (EU) 2016/679)
• The three EU institutions, the European Parliament,
the European Council and the European Commission, have
unified data protection law for all individuals within
the European Union (EU) by passing the new GDPR (General
Data Protection Regulation). It replaces the current
Data Protection Directive (officially Directive
95/46/EC) of 1995.
• The main objectives of the GDPR are to give citizens and EU
residents back control of their personal data and to simplify
the regulatory environment for international business by
unifying the regulation within the EU.
Impact of GDPR Change
• Territorial & Digital Application:
The GDPR applies to non-EU organizations if they
offer goods or services to EU residents or monitor the
behavior of EU residents. Online businesses in particular
will therefore fall within the scope of the GDPR.
• Authorization:
For the processing of personal data to be lawful,
the controller requires either the authorization of the data
subject or another lawful basis.
• Personal information (personal data) is any information relating to an
individual that concerns his or her private, professional or
public life. Example data elements are a name, a home address,
a photo, an email address, bank details, posts on social networking
websites, medical information, or a computer's IP address.
• In the case of a data breach, fines under the GDPR can be up to 4% of annual
global turnover or €20 million (whichever is greater).
• Rights of data subjects
The GDPR retains some existing rights of data subjects and creates
new ones. These rights may make it harder for
organizations to lawfully process personal data. Examples of these
rights are:
- Right to be forgotten
- Right of rectification
- Right to restrict processing
- Right of data portability
- Right to object to processing
- Right to object to processing (for direct marketing, scientific,
historical or statistical purposes)
- Right not to be evaluated on the basis of automated
processing
• Data breach notification (72 hours):
The GDPR requires businesses to report data breaches to
the relevant Data Protection Authority (DPA) within 72 hours of detection.
• Appointing a Data Protection Officer ("DPO"):
Organizations that regularly and systematically monitor
data subjects, or process sensitive personal data on a
large scale, must appoint a DPO. A Data Protection Officer
("DPO") is a person who is formally tasked with ensuring
that an organization is aware of, and complies with, its data
protection responsibilities.
• Cross-Border Data Transfers:
Cross-border data transfers within a corporate group may
take place on the basis of Binding Corporate Rules
("BCRs"). If the BCRs meet the requirements set out in the
GDPR, they will be approved, and no further DPA approval
will be required for transfers of personal data made under
the BCRs.
GDPR Implementation Strategy
Stage 1
• Maturity Assessment
• Gap Analysis
Stage 2
• Transformation Strategy
• Impact Assessment
Stage 3
• Assurance & Stress Testing
• Personal Data Management & Privacy Services
Implementation Process
• Gap analysis: identifies gaps, proposes solutions and defines a
high-level roadmap to compliance.
• PII (Personally Identifiable Information) identification and data
mapping: identifies the location and flow of personal data in
business and IT applications and highlights areas for improvement.
• Incident management (IM) process: reviews the processes for
identification and confirmation of a data breach so that the
notification timescale required by the GDPR can be met.
• Third-party assessments: creates and implements a solution to evaluate
the security controls of third parties processing personally identifiable
data.
• Impact Assessment: defines and implements the impact assessment
for data protection.
• Consulting & Data Protection Design: consulting guidance on
technical solutions that meet GDPR requirements when implementing
analytics data protection, based on the data protection steps.