top of page

Understanding General Data Protection Rights (GDPR)

What is GDPR?

The GDPR is a regulation that protects the personal and private data of EU citizens used by public or business authorities. According to Article 1 of the GDPR, it sets out rules relating to the protection of personal information, protects the right to privacy of personal information, and the free movement of personal information within the European Union, without fear of similar leaks. Companies that collect data from citizens in EU countries must strictly adhere to GDPR rules and compliance that could cost companies more.

WHO IS THE GDPR Compliance Text?

The purpose of the GDPR is to establish a common data security policy for all EU members, so that each member state no longer has to write its own data protection laws and regulations in line with the rest of the EU. In addition to EU members, it is important to know that any company that sells goods or services to EU citizens, anywhere, is subject to regulation. As a result, the GDPR will contribute to global data protection requirements.

Data Violations in India

1. Facebook

New York has revealed that a researcher affiliated with Cambridge Analytica (CA), a political party working on Trump's campaign, obtained details of 50 million Facebook users, without their knowledge or consent and shared them with the company, using online information to reach voters on individual social media platforms.

2. Aadhar

The government database is full of personal information of citizens such as fingerprints and iris scans of the eyes of registered Indian citizens. Even companies, such as Amazon and Uber, can look into Aadhaar's database and identify their customers. Anyone in the database can use their data or their fingers to open a bank account, purchase a SIM card, sign up for services, and receive government or financial assistance.

3. 2016 Violations of Indian Banking Information

The 2016 Indian banking breach occurred in October 2016. It was found that 3.2 million debit cards were compromised. The main activists were SBI, HDFC Bank, ICICI, YES Bank and Axis Bank. Many users have reported unauthorized use of their cards in places in China. This has led to one of India's largest credit cards being restored to bank history. The State Bank of India has announced the closure and deposit of nearly 600,000 bank cards.

4. Information That Breaks Indian Government Agencies

More than 6,000 Indian business data was taken from servers and sold on darknet. It is one of the largest data breaches reported in India. Not only access, the hijacker also sold personal information and various business contract documents and was said to have access to the Asia Pacific Network Information Center (APNIC) database.

5. Zomato data breach

The robber stole the email addresses and password details of 17 million users of India's food delivery system, Zomato in May 2017. Zomato reportedly confirmed that no financial information had been reported to be corrupted.

6. Identity Theft

The Tribune newspaper reported that its correspondents were able to obtain names, email addresses, phone numbers and postal codes by typing 12 unique identification numbers of people on a government database, after paying a person about $ 8. To get more money, Tribune said this anyone has provided journalists with software to print unique identification cards for citizens.

7. Indian trains

The Indian Railways online booking site was hacked in May 2016 and it was reported that about 10 million customers were at risk of being stolen from online ticketing portal servers. IRCTC officials also fear that personal information including bank details, date of birth, bank account numbers, telephone numbers, and other citizen information has been sold. The IRCTC did not accept that their online site had been hacked or that any data breaches had taken place.

8. Hitachi Payment Services

The virus was introduced into Hitachi Payment Services programs and allowed criminals to steal customer financial information from many banking organizations. Data breach is a modern offense, endangering the identity and personal information of the victim.

In the case of a data leak, in order for the claim to be successful the plaintiff must prove that-

• That his or her details have been answered, without his or her consent.

• The injury was caused by the complainant as a result of a breach of such information.

• Whether such data leaks could be avoided by the data controller by taking adequate security measures / that such data leaks were voluntarily carried out by the data controller.

Impact of GDPR on India

The General Data Protection Regulation (GDPR) legislated by the EU Parliament is believed to have a far-reaching impact globally. Article 3 of GDPR provides that it shall be applicable to data controllers and processors dealing with personal data of persons belonging to EU nations, irrespective of the fact that the processing takes place in EU or elsewhere. This is a borderless and sector neutral legislation Thereby, the Indian data processing companies handling the data of persons belonging to EU nations shall also fall within the ambit of the said legislation.

Europe has been a substantial marketplace Information Technology Enable Services, Business Process Outsourcing Organizations and pharmaceutical industries in India. Therefore, Indian industries have to comply with these rules, if they have to continue doing their business in EU Countries.

The Indian data processing companies will now have to abide by the General Data Protection Regulation with respect to their EU customers. Indian companies will have to renew their contract with the EU based Data Subjects in accordance with the GDPR. Henceforth, the methodology of data acquisition, processing, management and protection will have to be changed and seen into.

This further becomes necessary because any non- compliance from any industry shall now impose a penalty structure of 20 million Euros or 4% of global turnover.

Though this would require the Indian companies to match the pace of the changing privacy laws, it will also provide a platform to study and update the laws related to data protection and then develop data protection mechanism in India.


1. Physically Read the GDPR

While there are sections which are difficult to decipher and feature more legal language, every person in a position to be affected by GDPR should attempt to read and understand this landmark legislation.

2. Look to Other Organizations

Businesses all over the world are affected by GDPR, not just those in the European Union. If you, or those in your organization, still lack understanding about the needed steps to reach compliance — reach out to those who are compliant. Many businesses will likely share the steps taken to reach compliance.

3. Pay Close Attention to Your Website

Cookies, opt-ins, data storage and more are things that can be easily setup on a website. Their compliance with GDPR is another matter entirely. While many tools used to collect and store contact data have allowed for compliance, it’s up to you to make sure you’re compliant.

4. Pay Closer Attention to Your Data

All data in your organization must comply with GDPR if you have a presence (either digitally or physically) in the E.U. Properly map out how data enters, is stored and/or transferred and deleted. Knowing every route personal information can take is vital to preventing breaches and ensuring proper reporting in the event of data loss.


In this article we can see that with the exponential advancement in the technology, and the number of cases coming up with respect to the data leaks, the fear individuals have regarding their personal data has quite obviously increased and now wants the government to give full protection of their personal data. The data protection of every individual has now become the need of the hour, and now the countries worldwide, like, the European Union needs to readapt from the conventional Right to Confidentiality to acknowledging the Data Protection Rights of the individuals. To ensure this, shifting the burden of protection of the individual’s personal data to the companies who have taken them and processes or controls will prove to be more efficient, as now the companies will be penalised for any leakage of the individual’s personal data and shall be heftily fined.



19 views0 comments

Recent Posts

See All

I. BACKGROUND The advancement of internet trend has caused a shift in the business sector. Many business organisations have migrated to the internet realm of marketing and commerce, inc

Introduction Black’s law dictionary defines Double Jeopardy as: – A second prosecution after a first trial for the same offense. In India, protection against double jeopardy could be an elementary rig

INTRODUCTION Indian Parliament, in the preceding year passed three bills related to agriculture and farming, together known as the Farmers Bill. The Bills include The Farmer’s Produce Trade and Commer

bottom of page