GDPR (General Data Protection Regulation) the new Data Protection regime from the EU will be implemented from 25th May 2018.
The GDPR has attracted attention because of the large penalty for non compliance that the regulations envisage . (Upto Euro 20 million) and also since it is sought to be imposed even on Companies which may not have a permanent establishment in EU.
However, since the EU companies engaging the services of Indian Companies for data processing may require the Indian entity to be GDPR compliant, there will be a need for Indian companies to also initiate GDPR compliance steps.
Just as the Business Associates and Sub contractors under HIPAA or ITA 2008 may have to bear a responsibility to provide indemnity to their principals, GDPR contracts may also try to shift the liability of the EU company on the Indian sub contractor if the loss or penalty is due to any act that is attributable to the Indian company.
Hence it is imperative that Indian Companies need to also be compliant to GDPR.
Cyber Law College will be providing an exclusive training program for GDPR compliance by Indian Companies and the details will be shortly updated here.