Data Protection and Privacy Implementation

This book is on Data Protection and Privacy Implementation and has been written in the context of recent global developments on the data privacy front. The book has been co-authored by RK Dubey, ex-CMD, Canara Bank and Ajay Kr Verma, who was the Program Director and Business Head with Hewlett Packard Enterprise Services, India for its BFSI operations in eastern region. Kiran Karnik, former President of NASSCOM has written foreword to this book. The primary objective of this book is to provide an understanding of the new data protection regulations in simplified terms and serve as a self assessment tool and implementation guide. The European Union - General Data Protection Regulation (GDPR), implemented last year on 25 May'2018, has been a landmark development, in data privacy. The California Consumer Protection Act (CCPA) is a foremost data privacy legislation passed in US and takes effect from 1st Jan'2020. Similar regulatory developments are taking place in many countries across the world. In India, Justice Srikrishna committee has submitted 'Personal Data Protection Bill', to the Government and the same is expected to be enacted soon. This will have far reaching repercussions and shall bring significant compliance obligations on the industry. The book provides a high level of view of the global data privacy frameworks and major regulations across countries including FIPPS, HIPPA, OECD guidelines, APEC privacy framework, EU directive 95/46/EC and GDPR, which have contributed to the prevailing data privacy laws. The book covers various provisions of India's Personal Data Protection Bill - data protection obligations, lawful grounds for processing, rights of individuals, transparency & accountability requirements, cross border data transfers, Data Protection Authority, appellate process and various penalties provisions. It provides a detailed guidance along with templates for self assessment and implementation across industries, in particular the small and medium business segment. It details steps for a data privacy implementation covering: -Define data privacy policy & compliance framework-Lay down methodology for data mapping and gap assessments-Imparting training & creating awareness of users-Develop privacy notice and contents-Role of Data Protection Officer-Steps for Data Privacy Impact Assessments-Conduct of data audits-Implementation of various security safeguards including ISO/IEC 27001-Deployment of privacy enhancing technologies. The book also brings an industry perspective of the compliance expectations and challenges. CEOs and industry leaders from various consulting organizations and sectors- Banking, Financial services, Health and Education- have contributed to this effort, by sharing their views on various provisions of the regulations and challenges expected in compliance.