We help ensure data privacy and protection in our client’s policies, processes and engagements. We are experts in the field of personal data and advice clients on the extant data protection rules i.e. SPDI rules, 2011, the Personal Data Protection Bill, 2019 and GDPR compliance.
The Information Technology Act imposes heavy penalties on Corporate Companies in the event of failure to protect sensitive personal data of customers and employees. We advice in this domain and have assisted many Corporate Companies in formulating their data privacy policies. We have also worked extensively in protection of Employee privacy along with protection of confidential Corporate data through BYOD (Bring Your Own Device) Policies and MDM (Mobile Device Management) Policies.
Under the Information Technology Law, a Company is exposed to liability over Rs. 5 Crores in case of a data breach and we help mitigate this risk through Privacy Law Compliance Audit and Compliance advice.
Our scope of advice includes the following:
We draft comprehensive Data Privacy Policies keeping in mind the scope of processing being conducted along with data retention requirements. We advice on the consent and notice requirements for processing of personal/ sensitive personal data. We create consent processes for collection of personal data from employees/ job applicants.
We conduct firm-wide review of contracts and third party/ vendor engagements to ensure data protection. We also advice on the controls that third parties need to have in place whilst collecting personal/ sensitive personal data.
Corrida Legal provides curated training material on Data Privacy and Protection for Employees and Management/Team leads. Please reach out to us on gslegalconsultancy@gmail.com for more information on our training materials.
We conduct firm-wide check on the resting and processing of personal/ sensitive personal data in order to ensure adherence with the applicable personal data laws. We advice on changes/ improvements to the data collection/storage process to ensure due compliance.
We advice clients on ensuring compliance with GDPR aspects if they are processing data pertaining to GDPR countries. We advice clients on preparation and maintenance of Records of Processing and the Breach Notification Procedure, as mandated under GDPR.
We advice on Aadhaar collection and processing requirements including consent of Aadhaar user, redaction of Aadhaar and maintenance of Aadhaar Data Vaults.
We use a two-pronged approach to ensure our Client’s readiness for the upcoming law: (1) Data footprint assessment: Conducting a thorough check on the resting and processing of personal data/sensitive personal data through checklists and department-wise/management briefings. This step helps maintain a clear record of resting of personal data/ sensitive personal data. (2) Privacy policies and governance framework: We prepare the privacy policies, notices and consent drafts required for the processing of personal/ sensitive personal data. We also put in the controls and governance, as required for processing of personal data/ sensitive personal data.
