A tectonic shift: EU's data protection rules have key pointers for India

EU citizens receive the right to be 'forgotten' - they can ask data controllers to erase personal data under certain circumstances

The European Union's General Data Protection Regulation (GDPR), which comes into effect from Friday, places great emphasis on concepts such as informed consent and the maintenance of privacy. Any organisation that controls or processes data of any EU resident must comply with the GDPR, or face the prospect of paying hefty fines of up to 20 million euros, or 4 per cent of annual global revenues, whichever is greater. The GDPR is based on "privacy by design", a concept that asks businesses to continuously and proactively review data protection and design future software architecture, keeping data protection in mind. It