Now that GDPR is being enforced, companies in India are feeling the heat. Because of the huge movement of personal information (PI) at any stage of a process, companies are bound to comply with GDPR to make sure the privacy of data subjects is not compromised.
Bangalore, being a hub of BPO, KPO and IT companies, is facing a compliance challenge. Initially, GDPR compliance was thought to be restricted to the DPA (Data Protection Addendum), but clients are now asking for more specific, demonstrable evidence that their processors are actually compliant.
As GDPR matures, companies will understand that there is no shortcut: GDPR compliance has to be a routine business activity, i.e. all processes should run through a compliance checklist (audit), all relevant actions should be taken on a frequent basis, and demonstrable evidence should be produced as routine business.
The most important demonstrable evidence will be a GDPR audit as per EU norms; without it, compliance cannot be completed.
Our GDPR audit program emphasizes 14 privacy management categories and ensures evidence is created at all stages to prove compliance is in place. The primary categories are:
- Checks on processing activities and personal data inventory
- Checks on privacy policies and privacy notices
- Embed data privacy into operations
- Checks on training and awareness programs
- Checks on information security risks
- Checks on third party risks
- Checks on DSAR
- Checks on DPIA and LIA
So what will change?
- Your business development approach
- Your client support approach
- Handling of personal information of individuals
- Imposing data minimization on all business activities
- Rights of data subjects and how to handle them at the sales/support representative level
- How long you keep personal information of individuals
- How to handle employee/contractor information
- How to make sure you produce demonstrable evidence that compliance is in place