Data Protection
The companies that do the best job on managing a user's privacy will be the companies that ultimately are the most successful.
- Fred Wilson
Data Privacy is typically defined as the way of keeping the Personally Identifiable information secure, whereas Data Protection is the protection of unauthorised use of data. Some believe that it is a terminology difference between the US and the Europe. EU prefers to use the term “Data Privacy” whereas US and the proposed Indian law calls it as “Data Protection”.Data (Informational) Privacy has become one of the key compliance risks in organizations today. With the dynamics of the world shifting to becoming “Information sensitive” from the earlier position of being “information open”, countries are beginning to shape up their laws accordingly.The stone that’s causing a landslide is the European General Data Protection Regulation or GDPR. It has made companies work overtime over the last couple of years and upto May 25, 2018, when it became operational and even thereafter, is due to its extra territorial impact and fines of 20 Million Euro or 4% of annual global turnover (whichever is higher).

Worldwide countries are following suit and adopting the European standards set above. For example, in India, a new bill has been placed before the Government with comparable language and fines. It therefore becomes increasingly important for companies to adhere to the privacy principles wherever they may be operating.

Being in the space for some time now, one of the major concerns of corporates, civil society and state is having proper definitions for each of these nuanced terms and understanding their import in the interplay with the other.

For this the primary steps (and not in any particular order) are:

  • Understanding the privacy principles
  • Understanding the law of a region
  • Detailed awareness sessions on specifics
  • Compliance training
  • Process building
  • Documentation
  • Implementation
  • Maintenance
  • Responding to challenges

We provide Data Protection Advisory and Consultancy which starts from the basic building block i.e. Personal Data and rolling onto a comprehensive due diligence/audit of the Personal Information with your organization and how to comply with applicable laws through the Personal Information Life Cycle (as shown below).

Broad Services:
  • Advisory
  • Consultancy
  • Contractual Requirements
  • Trainings
  • Litigation
Specifically, we provide a bouquet of services ranging from dealing with specific pain points to end to end service in the area of Informational Privacy and Data Protection which includesSpecifically, we provide a bouquet of services ranging from dealing with specific pain points to end to end service in the area of Informational Privacy and Data Protection which includes
  • GDPR Compliances
  • Drafting and negotiating privacy related agreements; Data Transfer Agreements and Data Processing Agreements; policies, procedures, consent and notice mandates
  • Advisory and consultancy on building a Privacy Program
  • Interpreting and implementing the requirements of global data privacy and data security laws
  • Risk assessments for both clients and vendors
  • Litigation on data protection issues
  • DP Audits
  • DSAR requirements
  • Employee Information Management
  • Training modules
  • Litigation