
General Data Protection Regulation (GDPR)


The GDPR is expected to increase data protection standards globally as its remit expands beyond the EU, in particular to non-EU organisations which offer goods or services to EU residents or monitor their behaviour, even where that processing of personal data does not take place in the EU. As a result, those non-EU organisations will also be required to comply with the GDPR.

With the impending due date of the GDPR in less than one year, we are now seeing many of our clients implementing the changes required to comply with the GDPR’s standards. In addition, the Office of the Data Protection Commissioner has increased its GDPR awareness campaigns.

As a Regulation (which has direct effect under Member States’ laws), the GDPR will replace both EU and national data protection legislation.

In Ireland, the GDPR will replace the 1995 Data Protection Directive (Directive 95/46/EC), which is the EU Directive on which the current Irish data protection legislation, the Data Protection Acts 1988 and 2003 (as amended), is based.

Since the 1995 Data Protection Directive was introduced, there have been significant advances in technology, and the uses that organisations can make of personal data have become increasingly sophisticated.

It also became apparent that there are differences between Member States in terms of how they have implemented the 1995 Data Protection Directive, which has caused compliance difficulties for organisations that operated in a number of different EU jurisdictions.

For these reasons, it was decided at an EU level that data protection law reform was needed to make Europe fit for the digital age, strengthen citizens’ rights in the digital age and also to eliminate the current fragmentation in implementation between Member States.

Main Events

14 April 2016:
After four years of negotiations, the European Parliament adopted the final text of the GDPR on 14 April 2016. We have set out a brief timeline of the main events leading up to the GDPR’s adoption.

25 January 2012:
The European Commission published the first draft of the GDPR.

12 March 2014:
The European Parliament adopted a number of proposed amendments to the European Commission’s draft text of the GDPR.

16 December 2015:
The European Council published the final text of the GDPR on 16 December 2015.

8 April 2016:
The European Council adopted the final text of the GDPR.

14 April 2016:
The European Parliament voted to adopt the final text of the GDPR.

27 April 2016:
The European Parliament signed the final text of the GDPR.

4 May 2016:
The GDPR was published in the Official Journal of the European Union and will apply after a two-year implementation period from twenty days after its publication in the Official Journal (i.e. 25 May 2018).

Cyber Security Requirements

Defines lawfulness of processing data to include consent by data subjects, privacy by design, the right to be forgotten and data portability requirements

Outlines responsibilities of controllers and processors

Requires Privacy Impact Assessment and appointment of a data protection officer

Enforces strict breach notification requirements

This regulation is unprecedented, and it is imperative that your organization develop a plan for execution that includes people, process and technology. Your security department should assess itself across the six key security components of GDPR and develop a business-aligned plan in conjunction with the IT and legal teams.

Data Governance

Understand GDPR regulations as they relate to the business and then activate a plan to meet those obligations.

Data Classification

Analyze what data within the environment is relevant to GDPR and develop a proper classification scheme for ongoing data management.

Data Discovery

Determine where sensitive data is stored across your environment and set up policies and procedures to manage it.

Data Access

Recognize who has access to data and set up policies and procedures for access management and governance.

Data Handling

Prepare for the chance of an incident and ensure that plans are in place to meet GDPR obligations regarding the handling of sensitive information.

Data Protection

Plan, build and run an appropriate security program for the protection of sensitive information.


SMCPL has the proven ability to look at your organization's security and privacy program holistically. Our goal is to help your business evolve and improve your security program, and as a result, meet GDPR requirements, not the other way around.

SMCPL can help your organization not only to create a plan, but also to execute and maintain that plan across people, process and technology. Whether you are just getting started or already executing to a GDPR roadmap, SMCPL provides solutions to reach GDPR compliance without the noise.

The time has come to execute. A great place to start is with SMCPL’s GDPR Readiness Review and implementation.