Home  »  Blog  »  EU GDPR: Implications on Indian firms

EU GDPR: Implications on Indian firms

July 13, 2018

Let us begin with the stark truth: DATA IS KING, but an even bigger and much more
relevant truth is the need to protect this data and share it with only and strictly correct
and reliable sources. It is of utmost importance that data is protected and data sharing
is strongly invigilated. In line with this, the EU, recently, as recent as May 2018, brought
into effect General Data Protection Regulation (GDPR), which brings with it a bank of
stringent rules for handling personal user data and specifies protocols for handling and

If at all, how does this new regulation affect Indian firms? Let’s take a look…

1. Should Indian companies be bothered about this regulation?

The answer to that question is YES. The recently introduced GDPR will replace the 1995
Data Protection Directive and is put in place to protect the personal data of EU citizens
in the new digital world. The regulation covers all the EU member states and citizens,
and given that, global enterprises with operations or customers in the EU must adhere
to it. Europe is a robust and booming market for India’s ITeS, BPO and pharma sectors.
Thus, it is mandatory for Indian firms to comply.

2. What if Indian firms fail to comply?

Well, the answer to that question is simple but incurs heavy costs. Non-adherence with
GDPR can attract a maximum fine equivalent to 4% of an organisation’s global annual
revenue or €20 million, whichever is higher. Thus, simply put, compliance with GDPR is

3. How should Indian firms prepare for the GDPR?

To start with, firms should review their policies, procedures and existing privacy
programmes. More importantly, they should impart training on data privacy to
employees as well as review or update contracts with third-party vendors. Other than
ticking these boxes, Indian companies also need to be well-equipped to deal with the
audit process and use suitable and up-to-date technology solutions to prepare for the

To conclude, Indian companies need to look at this as a business opportunity; they are
likely to face increased compliance costs on the back of this regulation being introduced.
But, non-compliance will lead to massive penalties. You have been warned!