GDPR reminded businesses going overboard on the opportunities of collecting and analyzing individuals’ data that it is a party they must pay for, by complying with a set of rules about what they can and cannot do with which personal data of individuals, apart from keeping that data in safe custody.
How are Indian companies preparing for GDPR?
That is too hopeful a headline on the cover.
Never mind that less than 20% of Indian companies have to do anything about GDPR. The 15-odd security leaders whose comments about GDPR (very few of them plans) have been featured in this issue belong to that 20%. We have, for obvious reasons, not included those who said it does not apply to them.
It would not have been such a big thing without India’s quasi-global technology and business services industry, commonly known as IT/BPO. However, we do not feature it here because of them.
GDPR is a big word for all. It is a big word because it reminded businesses going overboard on the opportunities of collecting and analyzing individuals’ data that it is a party they must pay for, by complying with a set of rules about what they can and cannot do with which personal data of individuals, apart from keeping that data in safe custody.
By enacting a very stringent piece of regulation, it showed the world that if you have a strong will, you can actually do it, despite all criticism.
It is a piece of regulation that showed governments worldwide the path to protecting their citizens’ privacy. It is no coincidence that many of the global policy considerations are based on GDPR, including those discussed in the white paper prepared by an Indian committee entrusted with proposing the provisions of a proposed data protection law.
Despite all that, the sensitivity about individual privacy is still very low in India. Part of the reason is that Indians themselves care very little about privacy. Give a recharge of ten rupees and many are willing to share everything. In an environment like that, making a stringent data protection regulation work is a tall order.
But GDPR has begun on the right note. I doubt there will be large-scale penalization in the first few months. But as the regulators there have shown, they have a strong will and they will not hesitate to take action. And penalties like 4% of global revenue are no joking matter.
If they can do that successfully, other governments will follow suit.
CISOs have of late become CCOs—Chief Compliance Officers. This challenging task of complying with these regulations will be on them. The journey has just begun.
Read our ITNEXT June 2018 Issue