This could be one of the key pieces of legislation for which draft was given on 27th of July 2018, this could be key for each organization dealing with citizen / Resident Personal Information (PI) as

• Proactive compliance could build the reputation as 1st among competition to be trustworthy for citizens.
Or
• Big penalties could throw you out of business with the data breach.

Political parties cutting across the spectrum are debating this big time but seem to be keen to get this act fast. The government has already given the commitment to the Supreme Court for faster adoption of Privacy Law. 60+ major countries already have it. Write to dataprotection@itsimple.in for further information compliance.
Key Highlights in our understanding are :

1. Coverage of PI data
a. Covers any kind of personal data collected, disclosed, shared or otherwise processed within the territory of India Interpretation: Covers any person’s data that’s collected in India, including Indian, NRI, or Foreign person
b. Data Fiduciaries & Processors are covered (organization, communities or individual)

Read: 6 Benefits of Cloud backup Solutions for Small Business

2. Exceptions
a. Anonymised is the exception which allows digital economy & Big data, monetization of personal data.
b. PI used for Personal data
c. Small firms by definition ( <INR 25 Lakhs Annual Revenue or <100 PI in any day)
d. Crime / Investigations / Courts
e. Public Interest by Government / National Security
f. Small global org not in India but neither large scale nor capable to harm subjects.

3. What are Data Principal rights?
a. Confirmation / Access: Principal should be able to get confirmation about personal data with the fiduciary / processor. Should be able to get content of personal data.
b. Correction: Principal should be able to get mistakes & omissions fixed, get updates reflected in data.
c. Portability: Principal should be able to get data in the portable machine-readable format for usage by another Fiduciary.
d. sector-specific Standards could be added
e. Forget Data (balanced with interests of Fiduciaries / Processors): Fiduciary should provide the facility for discarding of data once consent is withdrawn in applicable cases.

Read: 7 Factors to consider while choosing a Cloud Backup Solution

4. What is the obligation of Data Fiduciary?
a. Fair and reasonable processing
b. Purpose Limitation: Data should be only used for the intended purpose and nothing else.
c. Collection Limitation: Only relevant data should be asked for from Principal.
d. Lawful Processing
e. Notice: All related information about capturing, processing, retention, usage of data in simple terms. Also, how to get data fixed, accessed, consent withdrawn, contacting appropriate authority in Fiduciary for request processing.
f. Data Quality: Fiduciary should ensure data completeness and correctness, updates at its end.
g. Data Storage Limitation / Retention Period: Data should be retained only for the required period, and should be discarded afterward.
h. Accountability: Organization should setup framework for ensuring all requirements laid down in the Data Privacy Act.

5. Breach
a. Breach of PI intimation to Principal is optional which is Data Protection Authority prerogative.
b. Need to be intimated only to DPA.
c. Conditions under which it should be only to DPA / otherwise to Principals also to be defined.

6. Data Localisation (Cross-border Flow)
a. Sensitive data to be kept only in India.
b. PI one copy in India.
c. Green signal by Central government needed for movement of Data outside India.

7. Impact on Aadhar:
a. Reporting to DPA for Breach, UIID answerable to DPA for breach reported by Principal sofar it was UIID or court,
b. UIID responsible for the collection, execution, Maintenance as well as breach, is like reporting to the same org for wrongdoing by itself.

8. Penalties (Financial & Civil) & Damages
a. 15 Cr or 4% of Global group turnover (Sensitive Data Breach).
b. 5 Cr or 2% Global Group Turnover (PI Breach) or
c. 5 Year / 3 years imprisonment to individual responsibility. Non Bailable and cognisable

9. Implementations for Fiduciaries & Processors (Organisations & Individuals):
a. DPO for Significant Fiduciary or Global fiduciary, SPOC for rest of fiduciary.
b. Internal Audit. Trust Scorecard for significant Fiduciary.
c. PI identification & Flow,
d. Privacy Objective,
e. Consent Framework,
f. Processes,
g. Internal training,
h. Audits,
i. Incident Management & reporting.

10. DPA / Appellate Tribunal / Supreme Court in that order for Grievances Redressal by principal.

11. Major Difference as compared to other Data Protection Acts

a. Financial Data such as that found in gadcapital.com loans & Passwords in Sensitive data is included no other Data protection law has it.
b. Localisation Copy to remain in India, none as stringent (apart from China) though this could be allowed by Central Government
c. Right to be forgotten This could be refused by Fiduciary / Processor if this violates freedom of speech or practically not feasible.

Background

GDPR (General Data Protection Regulation) is now active in Majority of developed countries with tough fines (4% of Global Turnover & Euro20M) for the offenders. In India a Personal Data Protection Bill has been submitted on 27^th July 2018 and is in the process of debate & adoption.

Explosion of the online Apps and consumer preference to online buying has made the Personal Data of citizens and behavior pattern available to providers. Lot of times, as individual data passes through various channels in such cases, it has led to Individual Data being shared or leaked for commercial reasons. In a recent event, a huge fall was observed in Facebook market cap (approx. $ 120 Billion) because of data privacy laws, which resulted in new security expenses (which means possibly earlier it was not safe) by their own admission.

itSimple

itSimple has been part of multiple discussions at various forums on GDPR / Data Protection Laws & will like to highlight the impact of the GDPR as well as new regulation in India (once in force). In this and subsequent blogs, we shall be sharing the industry wise impact on various sectors starting with the Hospitality Industry (Photo).

Read : Getting Ready for GDPR Compliance in 2018

Hospitality

India is one of the major hubs for the Hospitality. The sector’s total contribution to GDP stood at US$ 208.9 billion (9.6 percent of GDP) in 2016 and (US$ 424.5 billion), 10 percent of GDP in 2027.

GDPR / Data Protections Laws are being adopted by all the leading Hotels across the globe. The reasons why hospitality is one of the most impacted by the Data Protection Acts are:

1. Hospitality Industry focus on HNI & well to do individuals/ organizations, these citizens are most paranoid about privacy
2. Hotels have far too many touch points regarding Personal Information (food habits, daily routine, clothing, favorite entertainments, brand choice etc.)
3. GDPR is applicable to any organization across the globe that stores or processes European Resident data
4. European citizens have business relations across globe.
5. One Data Breach is enough to sabotage organization reputation, and especially loss of business
6. Any decent size hotel has many vendors and lot of individual service providers.
7. Hotels need the “ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”. It means they need well designed data protection solution including Backup / Archival solutions and it is required critically across 24×7.

To-do list for all the hotels –

All the leading hotels need to align with the GDPR rules, and sooner or later all the other countries will also follow with their own rulings. So, it is crucial for hotels to create their internal privacy organization and GAD to rebuild.

1. Visibility Mapping of Personal Information (PI)
2. For ensuring a structured methodology execution for change implementation, following steps are suggested:
   1. Privacy Organization structure in company
   2. Privacy Objective,
   3. Policies, Processes,
   4. Internal audits,
   5. Regulatory Compliance Intelligence,
   6. contract management,
   7. Purpose bound usage & Access to Personal Information,
   8. Incident management system
   9. Train of staff about the regulation and its importance
3. Customer Handling
   1. Before soliciting any information from guest take their consent and inform them why the data is needed and what will it be used for?
   2. If a guest request to delete, modify or not provide the data (which is not required by law), honor them as they have the “right to be forgotten” & “Ask back their data”. Hence, it’s the responsibility of hotel people to add some flavors in their hospitality.
   3. Exhaustive Consent framework from in Booking / Check-in forms, from Implicit “take it or leave it” to Explicit “Legal, Notice, Choice and Consent” & “purpose limitation”
   4. Framework for “Ask the data Back”, “Right to be forgotten” for part of personal data.
4. Vendors
   1. Vendors who are getting PI to be “GDPR Ready”
5. IT System
   1. Have a comprehensive approach to data protection including data safety, security, protection, retrieval, disposal and discarding aspects.
   2. To ensure the Backup / Archival, Data Leakage Prevention systems are up-to-date

Read : Indian IT Companies are not ready for GDPR Compliance 2018

Generic Methodology for getting organization ready for GDPR compliance.

1. Introduction to Sponsors / Top Management
2. Mapping of PI
3. Information Life Cycle and flow mapping, each one GDPR compliant.
4. Privacy Organization set up
5. Purpose, Goals & Structure
6. Ecosystem and function mapping
7. Privacy Policies & Processes
8. The mechanism for Regulatory Compliance & Intelligence
9. Managing Contracts
10. Purpose bound usage and access
11. Incident Management System
12. Security
13. Data-centric
14. Privacy by design
15. Backup / Archival / Data Availability, 3 safe / secure copies
16. Training & Awareness

We are only a few days away from GDPR enforcement, and IT firms must prepare for the 25^th May 2018 deadline to have in place new standards for consent and the range of GDPR requirements.

IT Companies need to take actions to comply with GDPR as ignorance can cost huge financial penalties up to €20million or 4% of annual revenue. Getting your organization ready for GDPR compliance would help you to present yourself as ethical, trustworthy and responsible. You need to get prepared before it too late!

In view of the above to discuss and deliberate upon the various issues and structuring an Indian Data Protection Framework, ASSOCHAM is organizing this Global Summit on “Data Protection, Privacy, and Security, Implications for India” on 11th May 2018 at Hotel Le-Meridien, New Delhi.

itSimple is proud to be the Gold Partner and the Speaker on GDPR for the event.

Discussion Areas & Highlights

• GDPR – Not What, or Why; but How?
• Data and Privacy Management in the New Corporate India
• Potential Harms to Individuals and Corporate Data.
• Digital Data Revolution and Digital Payment
• India Data Protection Framework
• Legal and Ethical issues in Disruptive Technologies
• Security & Privacy Issues and Challenges in the emerging business models

We request you to Save your date for the entire day and confirm back such that we could workout for your exclusive delegate Pass and free membership for the event.

Date: 11th May 2018
Time: 10:00 AM TO 6:00 PM
Venue: Le-Meridien Hotel, New Delhi
Call Now: +91-120-4155477
Email: sales@itsimple.in

Business continuity is all about the high availability of your data and losing data can be devastating for any business. It is no wonder that hard disks tend to fail but thankfully hard drives often show some symptoms of their ending life. If your hard drive shows any of these symptoms, you need to back up your hard drive immediately or talk to our Hard Disk Recovery Technical Experts to secure your data before the crash occurs.

Let’s look at some common warning signs of hard drive failures:

Strange Clicking Noises

Sometimes you hear strange sounds like clicking, whirring or whining noises from your hard disk, it may be because your drive is about to die. You need to act very quickly as it is too late already.

Missing files and folders

Missing Files? Are you sure that you saved a file yesterday? Disappearing files and folders are warning sign that your hard drive’s lifetime is ending. Of course, it could be because of viruses but you need to check it immediately.

Frequent Error messages

While running a software or simply moving some files, frequent error messages appear. This strange behavior can happen because of problems with your hard drive.

Slow File Access Times

If it takes really long to access folders and files, it may be because of a failing hard drive. Frequent freezes can be caused by many issues but it is recommended that you should immediately backup your files.

Frequent Crashes

Does your computer crash frequently? Does it show ‘blue screen of death’ especially while booting up? If you find frequent and irregular crashes, it may be a warning sign of your hard disk failure.

Need Help?

When a hard drive shows warning signs, it may be too late already. You should act quickly and backup all your important data before the actual crash occurs. itSimple offers cloud backup solutions and computer hard disk recovery services in Noida with 45+ man-years strong technical team. Contact us immediately to backup and secure your business data.