How is GRDP Impacting the Indian IT industry?

GDPR India, the sixth largest economy in the world, famously known for being an IT hub worldwide, managed to maintain world dominance with the industry with over 100 billion dollars in the export of IT software in the year 2017-2018.

The various clientele that India serves are located from the European Economic Area [EEA] have come under the lens of the General Data Protection Regulation [ GDPR] since May 25^th 2018. This law addresses the export of personal data outside European Union, carving a niche for itself in data protection across the region.

Contents  hide 

1 Why did GDPR come into force?

2 How does GDPR affect Indian companies?

3 Cost of non-compliance to Indian Companies[iii]

4 Implications on IT industry

5 How are Indian Companies preparing themselves for GDPR?

6 Conclusion

7 Writer’s Analysis

8 Reference

9 Related

Why did GDPR come into force?

The act comes as a defence mechanism after the Cambridge Analytica leak[i] which led to massive data leaks and breaches in private information of social media especially during the peak time of Donald Trump’s electoral campaign. The European council took this leak to be a major violation and decided to implement GDPR as a safeguard mechanism for the public.

General Data Protection Regulation comes in place of the European Union’s data protection directive dated in the year 1995 and also replaces UK’s data protection act dated in the year 1998.

This regulation enforces strict laws in terms on how organizations should process data and private information and imposes stringent guidelines on the processing of the personally identifiable information. This regulation defines 10 privacy principles[ii] namely:

1. Lawfulness
2. Fairness
3. Transparency
4. Purpose
5. Limitations
6. Data Minimization
7. Accuracy
8. Storage limitations
9. Integrity
10. Confidentiality

How does GDPR affect Indian companies?

Especially for the IT sector, that are involved in providing software products, will have to pave way in their systems to make it GDPR complaint and revisit their business process that revolve around personally identifiable information and access compliance levels. In respect to outsourcing companies, India is estimated to be worth over 150 billion US dollars and contributes to around 9.3% of GDP.

The known reality of Indian IT companies see as Europe as a large marketplace. GDPR is now a growth benchmark for

all the Indian companies wanting to leave a mark in the European markets especially German and France.

The areas where Indian companies have to become more proficient are their data protection laws, border restrictions and exposure to greater risk of penalties and litigation.

The general data protection regulation is an opportunity, a rather blessing in disguise for Indian companies to stand out and be the best data regulatory player there is. In terms of data transfers outside the European Union,

there are bountiful risks and rigidity, which will make the compliance work slightly more complex than it already is.

Cost of non-compliance to Indian Companies[iii]

The fines stated for the GDPR are severe. They are mainly of two types:

1. Fine up to 10 million euros or 2 % of annual global turnover of the previous year, whichever is higher.
2. Fine up to 20 million euros or 4 % of annual global turnover of the previous year, whichever is higher.

The value of the fine that would be imposed is not specific. A large part of the fine also depends on the behaviour of the organization; that have the opportunity to influence the reduction of fines by taking corrective steps. The GDPR has already made contract to previous regulations accountable for non-compliance, data loss or data breaches.

Implications on IT industry

Most of the GDPR regulations come with associated costs; compliance with GDPR will ensure that companies generate a reliable level of trust and confidence amongst their customers.

How are Indian Companies preparing themselves for GDPR?

According to the requirement of Indian Companies for GDPR, Indian companies are preparing the following:

• Reviewing policies, provisions and existing privacy programs.
• Imparting data discovery exercise and maintain proper records to demonstrate the clarity of personal data procession.
• Explain briefly their deal with third party vendors before updating contracts.

Conclusion

Indian companies need not explicitly see compliance as a headache. The arrangement to the new regulation will lead to prospective growth of business opportunities throughout the world for Indian Markets.

GDPR is the key for India to become a global IT sensation with its services and solutions and talented resource pool.

Writer’s Analysis

In these challenging times, the companies need a futuristic data plan and the GDPR compliance should not only be looked as an effort to scale higher in the global IT market

but also means to provide innovative tech solutions that will give new dimensions to the tech ecosystem of India.

This regulatory act is sure to bring an array of opportunities to Indian market players within the legal framework that should be sufficient to protect data privacy as proposed by the Sri Krishna committee post the Supreme Court verdict

on a free and fair digital economy protecting privacy.

---

Reference

[i] Anjali UJ, HERE’S HOW THE GDPR IS AFFECTING INDIAN COMPANIES,   ANALYTICS INSIGHTS . [ May 30^th  2018,  5.10 pm  – https://www.analyticsinsight.net/heres-how-the-gdpr-is-affecting-indian-companies/

[ii]GDPR AND ITS EFFECTS ON INDIAN COMPANIES, Sign desk , -https://signdesk.com/in/ekyc/gdpr-effect-indian-companies

[iii]How GDPR guidelines impact the Indian IT Industry, THE NEWS MINUTE [ July 21 2018, 17.58 pm] – https://www.thenewsminute.com/article/how-gdpr-guidelines-impact-indian-it-industry-85174