| | November 20188CIOReviewhe EU General Data Protection Regula-tion (GDPR) has undergone the most important change in data privacy regula-tion in twenty years. The changes came into force in May 2018. The new regula-tions give data subjects significant new rights over col-lection, processing and transfer of their personal data by data controllers and processors in the course processing activities related to the offering of goods and services to such data subjects in the EU.The companies dealing with EU residents have un-dertaken many steps to ensure compliance with new re-quirements. Many organizations have updated their data privacy policies in addition to other measures around data flow and processing within internal processes. Other countries are also following with stricter data privacy regulations in view of a personal data breach at a popular and global social networking site. The Personal Data Protection Bill in India also includes provision for imprisonment in case of breach related to personal data. This is under draft stage, but it gives enough indication as to the global trends in personal data protection laws.We'll analyze two incidents and review the implica-tions in light with emerging global regulations. Incident OneIt was a courtesy call by a marketing executive of a host-ing company we engaged for some hosted application ser-vices this time it was from an unknown number and not his known contact number. It turned out that he joined a different company recently and was exploring possibil-ity of business with the new company. When the com-pany approached us, he was representing the company and was designated the single point of contact from the company. We exchanged business cards and he had my direct contact number. I shared my contact with the host-ing company with specific instructions that it should not be shared further among the teams and only one person should contact me for any technical or commercial issue. The company had necessary protect in place in CRM sys-tem and got official mobile surrendered when the person left the company, but it was not aware that the person had a backup of mobile address book and restored it on his new mobile and connection.The name, contact number and position of a customer contact is a personal data. It has been a common prac-tice among marketing teams to maintain these data in spreadsheets, phone address book, PIM such as Outlook or simply in business card holders. What happens when TSCENARIOS AND CHALLENGES IN PERSONAL DATA PROTECTIONBy Ajay Kumar, Group Head IT, PolyplexIN MY OPINIONPolyplex is one of the largest producers of thin polyester film that manufactures Biaxially Oriented Polyester (BOPET) Film for packaging, electrical and other industrial applications. The company has manufacturing facilities in India, Thailand and Turkey.
<
Page 7 |
Page 9 >