Recently, The European Union (EU) has approved a policy regarding the protection of people’s personal data. The new policy is called General Data protection Research (GDPR) which empowers the citizen of the EU to have control over their personal data. The European government first adopted the GDPR policy in the year of 2016, replacing the previous data protection policy of 1995 (only for the Europe companies), and now it has been implemented for every company that uses the data of European citizen, including the ones that are in other countries. GDPR policy will cover all the organizations which use the information of European citizens or provide services outside the EU. Many companies in Europe or abroad are changing their policy according to the GDPR, due to which the citizen will get the right to receive clear and understandable information about who is processing their data and could be able to erase it or correct it from the company, in case of incorrect information. Europe Headquartered organizations are also likely to compel all its overseas entity to act according to the GDPR policy to create good corporate governance.  So, all European companies in India like Nestle, Unilever, GlaxoSmithKline, Ericsson, L’Oreal, DANONE, Heineken, Reckitt, Benckiser, Pernod Richard, Mercedes Benz, Volkswagen and many more are likely to implement GDPR policy and also ensures that their partners also act the same.    

There are certain challenges which will be faced by the GDPR policy and data breach is the biggest challenge. If the personal data is breached, people have a right to know about the breach. At that time, the organization needs to notify the appropriate national bodies as soon as possible so that appropriate action can be taken by the citizen to protect its data from being misused. Companies in Europe will face the bigger issue, as they have so many touch points and interfaces with clients, results in the huge collection of data, to protect these data, a huge amount of investment is needed which they are getting from a few investors only. The ethical use of the data could be an issue as most of the organizations are not even aware of who has access or who uses sensitive data within their own environment and no one takes care of toxic data dumps. Outsourcing of data and allowing uninhibited access to vendors and partners can create unprecedented situations. Data management is the need of the society so that personal data could be stored safely.