Will GDPR be the Great DisruPtoR ?
Image courtesy: https://www.eugdpr.org

Will GDPR be the Great DisruPtoR ?

J Sydney D'Souza J Sydney D'Souza

J Sydney D'Souza

Head - Operational Risk at RBL Bank

Published Nov 27, 2017
+ Follow

Exactly 6 months from now, the EU GDPR will become fully applicable.

What’s that you say ?  Well simply put, the General Data Protection Regulation (GDPR) is the world’s strictest data privacy law.

It is the most important change in data privacy regulation in 20 years, and although an European Union regulation, it is widely applicable to any enterprise holding EU personal data anywhere…and that includes here in India.

Come 25 May 2018, our use of personal data (email addresses, phone numbers and a wide variety of other data of EU residents) will change forever.  And it had better change in time, as the fines proposed are the stiffest we’ve seen in recent times.

So should Indian enterprises worry ?  Not if your GDPR implementation is already underway. If its not, then yes…there is reason to hurry. Fines apart, the Regulation requires enterprises to embed “Privacy by Design” into every product / process that touches personal data.

If that’s not enough, the standards for obtaining “consent” for use of personal data are now far more onerous. So consent too will have to be ‘re-thought’ and ‘re-sought’.

Indian enterprises either processing personal data of EU residents, or those that hold & use such data in the normal course of their business will be particularly impacted - current data processing / marketing contracts from EU businesses may not be renewed if you are not already GDPR compliant here, or not likely to be compliant by early 2018.

To make things worse, the largest fines under the GDPR are the easiest to incur, eg collecting/using personal data without explicit consent, or violating the Privacy by Design concepts.  The fines range from 2 - 4 % of annual global turnover, or EUR 20 million…whichever is HIGHER).

In all fairness, the Regulation was notified a while ago in May 2016, giving impacted parties 2 years to plan and overhaul processes & systems. The smarter Indian enterprises will no doubt see this as a chance to convert adversity into an opportunity.  Get GDPR compliant quickly, and you could steal business away from the laggards in the Philippines & elsewhere.  Too slow to pick up the ball and the reverse may well happen.

So will GDPR be the Great DisruPtoR ?

Will be interesting to see how the final lap of 6 months pans out...

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics