Compliance
- Information Technology Act Compliance
The Information Technology Act came into existence in the year 2000 and was substantially amended in the year 2008.
- The Information Technology (Amendment) Act, 2008 covered definitions of various offences, data protection and privacy in India.
- Established a self-regulatory framework
- Mandatory Reasonable security practices and Procedures
- Articulated Sensitive Personal data or information
- Data Privacy Policy & Terms of Use
It is mandatory under the Information Technology Act that a body corporate, or any person who on behalf of a body corporate collects, receives, possesses, stores, deals with or handles information of a provider of information, shall provide a privacy policy for handling of or dealing in personal information, including sensitive personal data or information, and ensure that the same is available for view by such providers of information who have provided such information under lawful contract.
Such policy shall be published on the website of the body corporate or of any person acting on its behalf.
- E-Contracts and Legal vetting of web content
We provide vetting of all types of agreements, and our firm has been doing the same for many banks and IT companies.
- Reasonable Security Practices & Procedures, Data Protection and Privacy
It is mandatory under the Information Technology Act to follow reasonable security practices, as under:
A body corporate or a person on its behalf shall be considered to have complied with reasonable security practices and procedures, if they have implemented such security practices and standards and have a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures.
- EU General Data Protection Regulation Compliance (GDPR) and Training to Body Corporates.
What is GDPR?
Is a regulation enacted by the European Parliament and the Council of the European Union (EU);
Applies to the protection of EU data subjects' personal data such as name, last name, phone number, passport number, social security number (or equivalent), impacting elements such as:
- Governance;
- Process;
- Technology
Provides significant penalties for infringements, including fines of up to EUR 20 million or 4% of worldwide annual turnover (whichever is higher) for the most significant breaches.
Provides individuals the right to compensation for violations of the GDPR.
Data protection authorities have enhanced powers to enforce compliance with the new requirements by entities subject to the GDPR, including powers to prohibit certain data processing activities.