Is India ready to embrace GDPR?

May 25th, 2018 marks a new dawn for the data protection laws as the European Union’s Global Data Protection Regulation (GDPR) comes into force this day. This law replaces the EU’S erstwhile Data Protection Directive regulation of 1995. User data protection has become a subject of survival for many companies, especially those in the IT, data analytics and digital marketing. This law will make consumers responsible for their own online data.

The regulation is not just restricted to companies in the 28 EU member states but also every company across the globe that collects and process data from users residing in the European Union.

What are the crucial user data that comes under the purview of GDPR?

Apart from personal information such as name, gender, an email address that the users voluntarily share, the usage of cookies and browsing history will also be tracked. To avoid any kind of misses, identifiers such as IP address and location data will also be covered under personal data.

general data protection

How will it impact companies across the sectors in India?

IT/ ITes sector,

IT sector valued at about $160 billion has Europe as its largest client after North America. We can expect a lot of overhauls in the contracts as the compliance laws will now include GDPR as an important element. This will impact both the vendor and client. The change in the IT environment might also lead to consumer preference in terms of the product they want. The firms which are cloud vendors will also have to be extra cautious with data storage and will have to use methods like encryption to protect data and assure their clients.

Digital Marketing

Digital Marketing is one field which directly mines a huge volume of user private data. To customize ad campaigns for target customers, sending out mass emails, tracking buyer moves, Digital marketers use consumer data for almost everything. What seemed perfectly okay till yesterday will be considered as a breach of the new law if necessary consent is not obtained from consumers. This may even be punishable. This would mean, Digital marketing agencies need to install checks at all the necessary points, as for user permission on social media and other platforms through detailed authorization notices. This would also mean designing a foolproof plan for sharing data with third-party and assessing the data.

Data Analytics and Big Data

GDPR is going to hugely impact Data analytics and Big data companies. Automated decision making needs to be legally compliant as it involves obtaining the data subject’s consent. There must also be transparency wherein the data subjects need to be informed about the reason behind data collection. The data analyst also needs to conduct a privacy impact assessment and caution the data subjects about various privacy risks that might arise in the due course. A great deal of planning is sure to go into analytics before the real action begins.

The challenges: Is India prepared?

Most of the Indian companies are yet to fully be prepared for GDPR. According to a 2018 Ernst & Young survey, only 13% of Indian companies have plans to comply with the GDPR India had weak data protection laws hence the GDPR will impact firms irrespective of its size. The regulations are applicable on the riskiness of data rather than firm size. Moreover, the GDPR compliance is cost-oriented. They will need to incur huge expenditure on compliance fees, legal consulting fees and restricting of IT services. Any violation will draw a fine of up to 4% of the firm’s annual turnover or around Rs 160 crore, whichever is higher.

Opportunities: GDPR will pay off in the future

A key result of GDPR would be increased hiring of Cybersecurity officers and Data privacy practitioners. The regulation itself mandates companies dealing with risky and voluminous data to must appoint a Data Protection Officer. Not just this, firms will now consider hiring more of compliance officers and legal experts.

GDPR is aimed at enabling a more functional information economy within the European Union. Experts believe that complying with the GDPR might actually benefit companies’ information management and be a catalyst for new business opportunities. The entire compliance process might slow down operations initially, however being ethics matter immensely in business and being right goes a long way in being successful.