Indian Companies and GDPR
Can GDPR apply to Indian businesses? Yes. Although GDPR is a European regulation, it can easily apply to an Indian firm if that organization supplies goods or services to individuals in the European Union (EU), i.e. EU data subjects, or tracks their conduct within the EU. An Indian organization may act as a controller (i.e. determine how and why information is to be processed) or as a processor (i.e. process data, once so determined, on behalf of a controller). GDPR prescribes particular obligations and penalties for both situations.
The personal information concerned could be that of a company's workers, clients, vendors or business partners. Stricter protection is accorded to sensitive categories of information, for example, political views, religious beliefs, trade union membership, ethnic or racial origin, etc.
Risks and penalties of non-compliance
The penalties under GDPR are significant. For non-compliance with customer consent requirements, data subject rights, cross-border data transfer requirements, etc., the financial penalty might be greater than 4% of annual global turnover in the previous financial year or EUR 20 million. These may have major financial implications for any organization conducting business in Europe. For non-compliance by controllers and processors with their obligations under GDPR, the penalties could be more than 2% of annual global turnover in the preceding financial year or EUR 10 million.
Furthermore, there is also reputational risk and the chance of missing out on EU customers/clients if an Indian organization isn't GDPR compliant. Indian businesses falling within GDPR's ambit will have to offer new rights to EU data subjects going forward. These include:
- right to be forgotten
- right to the erasure of personal information
- right to rectify information and data
- right to data portability
The agreement between controller and processor for the processing of personal data needs to incorporate GDPR requirements. Controllers and processors outside the EU will have to designate a local representative in the EU, along with a data protection officer, in some specific scenarios, which adds compliance burden and cost for Indian businesses.
Essential takeaways for Indian Businesses
The General Data Protection Regulation, as a term, is now known to the majority of Indian businesses managing personal information. Privacy has taken center stage in the digital age, as is evident from the current Facebook-Cambridge Analytica controversy. The EU is a considerable market for the Indian IT/BPO/technology sector. Consequently, GDPR compliance has taken priority for most Indian businesses that have business in the EU.