Now, you may think that unless your organisation is based in the EU, you shouldn’t be bothered about GDPR, right? Wrong. With the increase in the online presence of most organisations, every company that has a web presence essentially needs to comply with the GDPR rules.
So how does it affect a business in, let’s say, India? To answer this question: any entity that may or may not be located in the EU, but controls or processes the personal data of a person belonging to the EU, is required to comply with GDPR, albeit in varying degrees. Therefore, GDPR has extra-territorial jurisdiction, and its main aim is to protect the fundamental rights and freedoms of people in the EU and their right to data privacy.
As said before, because of the internet, a large number of Indian establishments now have the ability to attract and target customers on a global scale. Under GDPR, if an entity, while offering its goods or services, targets persons in the EU and consequently collects and processes personal data of such persons, then the entity in question is required to comply with the rules and processes set out in GDPR.
Europe is a significant market for the ITeS, BPO and pharma sectors in India. The size of the IT industry in the top two EU member states (Germany and France) alone is estimated to be around $155–220 billion.
However, GDPR does not really affect individuals located in India. Its impact on Indian individuals is an outcome of the approach adopted by businesses around the world.
Basically, you do not have to be operating from the EU for GDPR to apply to you; as long as your target market includes people from the EU, you need to be GDPR compliant.
Companies are likely to face increased compliance costs on the back of GDPR, as well as the risk of hefty penalties if they fail to comply. Flouting the rules can attract a maximum fine equivalent to 4% of an organisation’s global annual revenue or €20 million (whichever is higher).
Therefore, to be safe rather than sorry, wherever your organisation is based, if you plan to target consumers in the EU or plan to expand to the EU, review your policies, procedures and existing privacy programmes, and make sure your employees are trained in the nuances of data privacy. Review or update the contracts you have signed with third-party vendors and, most importantly, include new technology.
Speaking about technology, software tools like VComply help you manage your compliance effectively, let you update your policies and ensure that auditing is effective and efficient.
So if you’d rather cover your bases immediately than shell out big bucks and risk bankruptcy, make sure you’re on board with GDPR and are absolutely up to date.