In 1995, European Union issued a directive called EC 95/46. The directive was to be adopted by every country independently depending on their local practices. The European Commission has now decided to consolidate all country requirements/ practices into one single regulation which is called EU General Data Protection Regulation. The key difference between a directive and a regulation is that the regulation uniformly applies to all countries without any change.
The objective of GDPR is around protecting personal identifiable Information of European citizens. Over the last decade, organizations have collected PII of citizens for business purposes such as providing analytics, customer enrichment, etc. Given the GDPR announcement, these organizations have to adopt and implement data protection practices to align to the requirements of the regulation.
Partner and Leader, Cyber Security, PwC India
Tel: 022 66 691 559