Introduction

Data helps businesses differentiate themselves and thus represents a competitive edge. However, concerns have been growing over the way enterprises use consumer data for marketing, as current regulations do not offer any control to them. Thus, GDPR (The General Data Protection Regulation) was born with more stringent and prescriptive compliance challenges, backed by fines. Other stringent rules include, about data breach reporting, the appointment of mandatory Data Protection Officer, and citizens’ right etc. The GDPR standardises data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII). This is effective from May 25, 2018. Due to this new regulation, the impact on businesses is huge and will permanently change the way of customer data collection, store, and use.

How does it impact businesses?

GDPR applies to all organisations holding and processing EU resident’s personal data, regardless of geographic location. Many organisations outside the EU are unaware that the EU GDPR regulation applies to them as well. If the organisation offers goods or services to, or monitors the behaviour of EU residents, it must meet GDPR compliance requirements. Fines for non-compliance are huge. They can be as high as €20 million or 4 percent of a company’s total global revenue, whichever is higher. This is the maximum fine that can be imposed for the most serious violations, eg not having sufficient customer consent to process data or violating core Privacy by Design concepts. However, there is a tiered approach to fines.

The regulation covers all the EU member states and citizens, so all global enterprises with operations or customers in EU must comply. Businesses are already gearing up for this new data protection regime. Big MNCs of America capturing personally identifiable information are in danger of violating the GDPR rules. They are preparing to protect themselves from GDPR compliances. Indian companies with operations in EU or dealing with EU citizens’ data will also have to comply with this regulation. At present, companies world over are in the process of assessing the impact that EU GDPR will have on their businesses. High administrative fines in case of non-compliance with GDPR provisions are a driving force and concerns as they can lead to loss of business for various countries including India. India has had a peculiar economic structural transition. Economic Survey reveals 66.1 percent contribution of the services sector to GDP in Indian economy. Out of this, information technology – business process management (IT-BPM) sector is expected to touch an estimated share of 9.5 percent of GDP and more than 45 percent in total services exports as per NASSCOM. Revenue contribution of Exports in IT-BPM is expected to touch 108 billion US dollars with a comparatively less domestic contribution of 22 billion dollars. Major markets for IT software and services exports are the US and the UK and Europe, accounting for about 90 percent of total IT / ITeS exports.



To read more, please subscribe.