GDPR – A Big Transition in the Indian Market?
Businesses across the world, especially startups, are dealing with a new concern – the new regulation called General Data Protection Regulation (GDPR). 25th May onwards, the entire business world is going to undergo a transition and the question remains if this is going to impact innovation and businesses of Indian startups. Is GDPR in the Indian market going to bring in a big transition for businesses?
GDPR has been made mandatory for companies to protect the personal data and privacy of citizens of the European Commission (EU) for the transactions that happen within EU member states. This regulation has the potential to make businesses reconsider their business models and their day-to-day business strategies on a global scale, and non-compliance could mean a huge cost burden for businesses.
What is GDPR
GDPR has been created by the European Commission as a regulation to provide users with increased control over data and privacy. This would also ensure that the personal information shared with companies adheres to defined standards with respect to storage, protection, and usage.
Apart from the protection provisions for data, this regulation also defines the repercussions for violation.
The fine for violation of the regulation can go up to $24 million or 4% of the company’s annual turnover of the preceding FY, whichever is higher.
With the provisions of this regulation, a user has the right to be forgotten. The user can request for all their data to be deleted. Withdrawal of consent can be reason enough for this request. With this opting-out feature, users can agree or disagree to share their data and information and be tracked by online analytics of various companies.
GDPR for Indian Startups
The GDPR regulation is not relevant just for the companies operating in EU, but even the companies that have European users on its platform.
As far as businesses in India are concerned, the European Commission represents a consumer base of approximately 500 million across the spread of 28 countries. Ignoring a consumer base that huge is definitely not a feasible option for the Indian market.
It is extremely important for Indian startups, even those operating in India, to comply with this regulation and make protection of data and privacy a focus point of its processes. Compared to the expense of complying with the GDPR regulation is going to much lower for companies than the price they will have to bear for non-compliance.
GDPR Compliance Tips for Indian Startups
Self Audit
Take an account of what and how much personal data you hold, from direct consumers and suppliers, both. Protection for children should also be factored, along with the ability to handle requests from users whose information you hold.
Make it possible for your company to detect, report, and investigate a breach of personal data, and more importantly, protect data.
Educate
Startups must educate themselves about the provisions and the developments regarding this new regulation, even if their work does not fall under the ambit of GDPR. Rules and regulations regarding privacy and protection of data are getting stricter, which is why it is crucial to be aware of every development and provision that has anything to do with the regulation.
There are companies that are now interested in hiring resources who have the necessary know-how of data protection and privacy.
Data Protection Officers for Indian Startups
Are Indian startups going to need to create a position of Data Protection Officers to overlook GDPR compliance through the creation of data protection strategies and their implementation in operations of the business?
Even though the provisions of GDPR state that a company is required to hire a DPO if it deals in large amounts of consumer data, individual states/countries have the liberty to fashion their own provisions to ensure compliance with GDPR provisions.
The question that Indian startups really need to answer is whether or not they want to focus on issues related to privacy and security in their business. If the answer to that question is affirmative, the businesses need to decide how they want to fulfill this responsibility – with a dedicated employee for the job or a consultant, depending on the nature and size of the business operations.
Why Indian Businesses Fear GDPR
One of the main reasons for the fear of GDPR within the Indian Startup Ecosystem is the absence of complete information. Very little information is available among startups in India right now, regarding the cost that goes into compliance and the specific provisions that need to be met to comply.
However, GDPR compliance is going to be a lot easier and a lot more cost-effective for smaller startups than biggies in the market who deal with a huge customer base and a lot of data. Small startups will find it easier to implement GDPR compliance in their processes and business innovations.
Also, GDPR compliance is going to open new doors of opportunities for companies as well as individuals, as the need to inculcate privacy and data protection into business operations is going to become a major focus of businesses.
Conclusion
Meeting the requirements of GDPR may pose a challenge for companies, big and small, across the globe, but they are dealing with it.
Companies and startups in India who till date had their focus away from data protection and privacy will now adopt business models and tech that comply with the GDPR regulations, either forcefully or voluntarily. The way to look at it right now is, compliance with this regulation is definitely the better choice for businesses than the violation of it.