How can Infosys help you to be GDPR - Ready?

Infosys has an end-to-end GDPR solution offering framework that spreads across four pillars in our ‘Infosys framework for GDPR’



define & design

Define & Design

administer & implement

Administer & Implement

manage & secure

Manage & Secure

What is GDPR & Why GDPR?

General Data Protection Regulation (GDPR) is an European Union data privacy law that will replace the erstwhile EU Data Protection Directive 1995. The law which will become effective from May 2018, will require enterprises located or doing business in EU countries, to comply with its strict privacy requirements regardless of whether the location of data processing is within EU or outside.

Why is GDPR such an important development?

  • Steep penalties for non-compliance and data breaches
  • Applicability is irrespective of location of data processing
  • Applies directly to data processors in addition to data controllers
  • Several stringent requirements such as privacy by design, mandatory privacy impact assessment, appointment of a DPO

Why should an organization be concerned about GDPR?

  • It is mandatory for organizations who are processing personal data of EU residents across the globe to be GDPR-compliant by 25th May 2018. Failing to do so could result in penalties up to 20 million euros or 4% of worldwide turnover, whichever is higher.
  • Data Protection Officer – Mandatory requirement, which leads to the need of at least 28,000 DPOs [1]
  • 1 Trillion Euros - The value created through personal data in Europe by 2020 [2]
  • Only 6% of UK marketers feel they fully grasp what GDPR will mean for their business [3]
  • Less than half (40.5%) of the organizations in Europe incorporate Privacy by Design for new projects involving the use of personal data [4]

Key Focus Areas To Be Considered in EU GDPR

key focus areas
data protection officer

Data Protection Officer

Every member state needs to have an appointed supervisory authority who will interact with DPO (Data protection officer) at Controller/Processor level

extended territorial scope

Extended territorial scope

Non-EU Organizations which process personal data of EU residents or provide services to EU residents will need to adhere to new regulation

privacy impact assessment

Privacy impact assessment

Organization processing the data will be required to conduct privacy impact assessments

notification of breach

Notification of breach

Organizations need to report data breaches within 72 hours after breach

consent and profiling

Consent and Profiling

Organization must inform data subjects of the existence and consequences of any profiling activities which they carry out and obtain explicit consent from data subjects

erasure/rectification of data

Erasure/Rectification of data

Data subjects have right to ask for rectification or right to be forgotten

data portability

Data Portability

Organizations should develop interoperable formats that enable data portability

privacy by design

Privacy by design

Data protection principles should be adopted into product/project design process