Market Research Report
Published by: Global Industry Analysts, Inc. | Product code: 907177
Published: July 1, 2020 | Content info: 142 Pages
GDPR Services to Reach $4.3 Billion as the World Struggles to Prevent Avoidable Privacy Breach While Optimizing Data Driven Fight Against COVID-19
The global market for GDPR Services is projected to reach US$4.3 billion by the year 2027, growing at a CAGR of 18.2% over the analysis period 2020 through 2027. Governments the world over are collecting citizens' personal data for contact tracing and communication, which is the backbone of pandemic management. This has, however, raised the concern that the pandemic must not become an excuse to compromise the personal data of customers. Operating during COVID times means companies are processing customers' personal health data, such as body temperature, travel plans and location history. Companies are therefore under greater pressure to manage personal data with additional care and caution. GDPR rises in importance under this scenario to protect against compliance exposures while ensuring compliance with the rules imposed by public health authorities. A large number of international organizations are required to comply with GDPR guidelines. GDPR rules are applicable to processors and controllers of data, including cloud service providers.
Data specified as personal by the GDPR framework includes name, picture, address and other types of sensitive data such as sexual orientation, genetic data and biometric data. The legislation requires companies to perform privacy impact assessments, document their use of personal data, seek customer permission for data usage and notify authorities of data breaches. The regulation is legally binding and cannot be ignored or opted out of. The regulation empowers and protects all citizens of the EU, while keeping organizations accountable for data-related actions. The GDPR comprises 91 articles across 11 chapters, including various articles that are expected to potentially impact security operations. Articles 17 and 18 provide data subjects with enhanced control over data intended to be automatically processed. Representing the right to portability and right to erasure, these articles allow data subjects to easily transfer personal data among service providers as well as direct the controller to erase the data under specific circumstances. Articles 23 and 30 make it mandatory for organizations to implement effective data protection strategies for protecting consumer privacy and data against exposure and loss. Articles 31 and 32 of the GDPR are associated with data breach specifications and require controllers to inform Supervising Authorities of any data breach incident within 72 hours.
Controllers need to provide relevant details of the incident, such as its nature and the number of subjects affected. Under Article 32, data controllers are required to inform data subjects of breaches that put their rights and freedoms at risk. Articles 33 and 33a make it mandatory for organizations to conduct Data Protection Impact Assessments to identify risks to consumer personal data, along with Data Protection Compliance Reviews to address these risks. Article 35 requires organizations to employ data protection officers. The article is relevant for companies engaged in processing data related to genetic information, religious beliefs, ethnic or racial origin, and health. These officers need to act as the point of contact with Supervising Authorities and provide organizations with compliance-related advice.