
In one of our previous posts, we spoke about how GDPR needs to go hand in hand with GRC. Since its implementation on May 25th, 2018, GDPR has done what it was supposed to do: ensure the privacy of personal data.

All of us would have noticed a sudden inflow of emails, or would have received alerts from various applications or platforms, saying “We have updated our Privacy Policy”, towards the end of the month of May, right after the GDPR was enforced by the European Parliament. The simultaneous occurrence of these two events could be dismissed as a mere coincidence, but the sheer number of emails and alerts definitively rules that out, and it can be safely said that these updates to the various Privacy Policies were the direct effect of GDPR being implemented.

Now, you may think that unless your organisation is based in the EU, you shouldn’t be bothered about GDPR, right? Wrong. With the increase in the online presence of most organisations, every company that has a web presence essentially needs to comply with the GDPR rules.

So how does it affect a business in, let’s say, India? To answer this question: any entity, whether or not it is located in the EU, that controls or processes the personal data of a person belonging to the EU is required to comply with GDPR, albeit in varying degrees. Therefore, GDPR has extra-territorial jurisdiction, and its main aim is to protect the fundamental rights and freedoms of people in the EU and their right to data privacy.

As said before, because of the internet, a large number of Indian establishments now have the ability to attract and target customers on a global scale. Under GDPR, if an entity, while offering its goods or services, targets persons in the EU and consequently collects and processes personal data of such persons, then the entity in question is required to comply with the rules and processes set out in GDPR.

Europe is a significant market for the ITeS, BPO and pharma sectors in India. The size of the IT industry in the top two EU member states (Germany and France) alone is estimated to be around $155–220 billion.

However, GDPR does not really affect individuals located in India. Its impact on Indian individuals is an outcome of the approach adopted by businesses around the world.

Basically, you do not have to be operating from the EU to have to comply with GDPR; as long as your target market includes people from the EU, you need to be GDPR compliant.

Companies are likely to face increased compliance costs on the back of GDPR, as well as the risk of hefty penalties in case of failure to comply. Flouting the rules can attract a maximum fine equivalent to 4% of an organisation’s global annual revenue or €20 million (whichever is higher).

Therefore, to be safe rather than sorry, wherever your organisation is based, if you plan to target consumers in the EU or plan to expand to the EU, review your policies, procedures and existing privacy programmes, and make sure your employees are trained in the nuances of data privacy. Review or update your various contracts signed with third-party vendors and, most importantly, adopt new technology.

Speaking of technology, software tools like VComply help you to manage your compliance obligations effectively, let you update your policies, and ensure that auditing is effective and efficient.

So if you’d rather cover your bases now than shell out big bucks and risk bankruptcy later, make sure you’re on board with GDPR and are absolutely up to date.
