Data Protection

On May 25, 2018, the General Data Protection Regulation (GDPR) became operational, revolutionizing the methods to protect and manage personal data. GDPR is responsible for safeguarding data and privacy of individuals within the European Union(EU) and the United Kingdom (UK)

Our clients often function as data controllers or data processors, and we serve as a data processor or data sub processor for these clients. While the data processor processes the personal data on behalf of the data controller or, in cases where we are data sub-processors, on the processor’s behalf, the data controller decides the lawful means and purposes of processing the data subject’s personal information.

However, in accordance with GDPR regulations, data controllers are responsible for GDPR compliance. We, as data processors or data sub-processors, consider ourselves to be equally responsible for implementing organisational and data security policies that enable privacy by design and default, demonstrating that data processing is secured and protected at our end, and enabling data controllers or data processors, as applicable, to be fully confident about data privacy and security while sharing their or their client’s data.

Responsibilities under GDPR

According to the GDPR, it is the data controller’s responsibility to ensure that the data processor complies with GDPR requirements in order to remain in compliance with the regulation. This allows for the protection of personal data of individuals (data subjects) living in the European Union (EU) and the United Kingdom, regardless of where such data is processed.

UK’s Adaption of GDPR

Under the principles of GDPR, the UK enacted its own legislation and put forward the Data Protection Act (DPA) in 2018. This legislation got activated on May 25, 2018 replacing the earlier version of DPA of 1988. The main aim behind DPA 2018 is to modernize data protection rules, as per future trends.

Post- Brexit, the UK reintroduced the UK-GDPR on January 31, 2020. The three bodies, i.e. UK GDPR, DPA 2018 and the Privacy and Electronic Communications Regulations (PECR) collectively govern the processing of personal data within the UK. Due to similarity between UK-GDPR and EU’S GDPR data protection standards are quite consistent for both the regions.

Data Privacy Progress In India

In India, after the Hon’ble Supreme Court declared the right to privacy a fundamental right and  data protection bill was introduced in the Lok Sabha on December 11, 2019 which was subsequently enacted as Digital Personal Data Protection (DPDP) Act, 2023.

Our Commitment to Data Privacy

We place a high priority on data or cyber security, therefore we’ve gone through the steps of risk assessment, security control implementation, human resource training, and confidentiality and work-from-home security measures to reduce risk. By partnering with VMG, you can be confident in the security and integrity of your data.

As a company that complies with ISO 27001 (ISMS) and ISO 27701 (PIMS), VMG Solutions provides outsourcing services with high data security.