Topics In Demand
Notification
New

No notification found.

Re: What should research firms do to comply with GDPR?
Re: What should research firms do to comply with GDPR?

March 27, 2018

343

0

 

 

  1. How does the new GDPR regulation impact research firms in terms of their operations (project delivery) and business development? If research firms are mining data or using data from EU region and it contains their Personally identifiable information then it certainly fall under GDPR scope. Or simply if you have an EU office then also it applies to you.
  2. What would it take to provide comfort to our existing/ prospective clients? To come up with a Privacy Notice – with assurance and awareness on your data handling ( privacy) practices. Including training to your staff on GDPR ask. Transparency and Accountability on Privacy.
  3. What steps does a research firm need to take to ensure compliance? Map your data flow , clarify the legitimate processing grounds,  anonymise or pseudoanonymize the data that you use for your research. And have a data protection impact assessment done  on high risk data elements (with direct PI intervention).
  4. Is it possible for relatively smaller business with budgetary constraints, to implement the compliance steps internally without external/ third party support?  You can, but its advisable that you seek SME guidance or hire a resource.
  5. What is the timeline for compliance? You should be GDPR ready by 25th May 2018.

 


That the contents of third-party articles/blogs published here on the website, and the interpretation of all information in the article/blogs such as data, maps, numbers, opinions etc. displayed in the article/blogs and views or the opinions expressed within the content are solely of the author's; and do not reflect the opinions and beliefs of NASSCOM or its affiliates in any manner. NASSCOM does not take any liability w.r.t. content in any manner and will not be liable in any manner whatsoever for any kind of liability arising out of any act, error or omission. The contents of third-party article/blogs published, are provided solely as convenience; and the presence of these articles/blogs should not, under any circumstances, be considered as an endorsement of the contents by NASSCOM in any manner; and if you chose to access these articles/blogs , you do so at your own risk.


© Copyright nasscom. All Rights Reserved.