Ending Soon! Save 33% on All Access

What Indian Firms Need to Know About GDPR Compliance It's extremely important for people doing business with European Union to know about GDPR and hence we elaborate on the subject

By Shaninder Singh Pahwa

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

graphicstock

Every organization in India that deals with, or has access to, personal data of EU residents is required to store and manage such data in compliance with the EU's General Data Protection Regulation (GDPR) which became effective since 25th May2018.

GDPR expands the definition of "personal data', which denotesany information relating to an individual who can be recognised directly or indirectly by identification numbers, location, and physical, genetic, economic or social identity.

GDPR Rights

GDPR assures EU residents privacy of their personal data stored within an organization. The regulation has extraterritorial scope mandating data storage entities outside the EU borders to be compliant. GDPR commissions organizations that possess data on EU residents to protect it; disclosure of which may cause these firms to face considerable penalties. Such organizations must also ensure that data is collected via valid legal approaches.

Impact on Service Providers

Given that many Indian entities render various types of service processes to entities registered in EU who provide access to personal data of EU residents, it is pertinent for such Indian organizations to be GDPR compliant.

Service providers likely impacted:

  • Chartered Accountants providing Personal Tax consulting to EU nationals and residents

  • Organizations performing Background Checks on EU nationals and residents

  • Law Firms working with direct clients, and law firms, based in the EU

  • Forensic investigators conducting fraud investigations on Indian subsidiaries of EU companies

  • Recruitment, HR and Payroll Consulting firms analysing personal data of EU residents

  • EU based consulting firms internally bidding and outsourcing contracts obtained in the EU to their Indian subsidiary/back office.

Keeping Data Safe

Indian organizations must revisit the terms of their contracts which allow them access to personal data of EU residents. Both awareness and vigilance will be necessary prerequisites to remain compliant with GDPR. Some options to mitigate breach of data:

  1. Stringent non-disclosure terms and strict confidentiality agreements with all senior employees is a must. Ideally these should be locked-in with their employment agreement.

  2. Employees should have access to such data in accordance with their assigned role and responsibilities. Sharing or providing access to information should be only on a need to know basis as at times critical personal information is shared with other employees or third-party vendors without realizing the consequences of such actions. Therefore, it is important to have in place back-to-back confidentiality agreements with all those with whom personal data of EU residents is to be shared.

  3. An organization must have an IT policy in place to further secure such data when an employee is serving his or her notice period, to have limited or no access.

  4. Ex-employees may attempt to access information by connecting with unsuspecting employees. Ensure that data confidentiality is stressed to all employees during attrition.

  5. Invest and maintain a reliable encrypted backup and storage system. Indian companies that control information about EU individuals must audit their data storage integrity, and archives access policies, while ensuring they have access to all necessary data when needed.

  6. Use of portable storage media must be prohibited unless critical but should be monitored and supervised. SD cards hold 512GB easily and are unnoticed.

  7. Random audit of data security procedures and processes may be undertaken to monitor system integrity, especially during change in the IT department or major migration of data or software.

  8. Lastly, regular training for employees to understand the scope of GDPR, what it entails and implications to the company, especially in case of non-compliance. Employees must be made aware of the consequences in the case of mishandling or mismanagement of digital data.

Indian organizations must provide comfort to EU clients that they're committed to complying with GDRP regulations and that data with them is securely stored, and data rights under GDPR are respected. These include an EU resident's right to:

  • withdraw consent for the use of their personal data at any time

  • access their personal data

  • know the nature of the data

  • To object concerning how the data is used.

GDPR Compliance

  • Map and Audit Data Flows

To remain GDPR compliant all entities in India, irrespective of their size, will need to take stock of the data they store about EU residents. To do this they must keep track of where and when they use such data. In the event an EU resident seeks information, pertaining to their personal data, its storage and purpose for which they said data is used, Indian firms must be able to share such information with ease, transparency and clarity.

  • Stronger Data Control and Collection

GDPR tightens the privileges of consent when acquiring data from customers. Indian companies falling within the ambit of GDPR may consider appointing a Chief Data Officer to manage how they receive, control, collect, store and archive data of EU residents.

  • Compliance with Local Indian Laws

Indian companies, while developing compliance to GDPR, must not ignore compliance with India's cyber laws too, for which Legal and IT will need to work together.

Opportunity

Although continuous efforts will be needed to remain GDPR compliant, SME's should view this as an opportunity rather than a hindrance. Being GDPR compliant provides a USP to a service provider differentiate itself and acquire more business from the EU.
Shaninder Singh Pahwa

COO, Alea Consulting

Mr Pahwa is the COO of Alea Consulting, India’s first home-grown Risk and Fraud Mitigation Consulting firm

 

Most Popular

See all
Leadership

How to Break Free From the Cycle of Overthinking and Master Your Mind

Discover the true cost of negative thought loops — and practical strategies for nipping rumination in the bud.

By Aytekin Tank
News and Trends

Gurugram-based Wealth Management Firm Finvolve Closes Maiden INR 100 Cr Fund, Launches Two New Funds

Finvolve also announced the launch of two new funds, pre-seed Accelerator Fund and Scale Fund, including a GIFT city, with an investment capacity of around INR 500 crore to widen its investment spectrum: Accelerator, Seed, and Scale.

By Entrepreneur Staff
Side Hustle

These Brothers Had 'No Income' When They Started a 'Low-Risk, High-Reward' Side Hustle to Chase a Big Dream — Now They've Surpassed $50 Million in Revenue

Sam Lewkowict, co-founder and CEO of men's grooming brand Black Wolf Nation, knows what it takes to harness the power of side gig for success.

By Amanda Breen
Growth Strategies

AI Agents Startup Secures $4M to Revolutionize Customer Onboarding & Retention

Under the leadership of Gaurav Aggarwal and Anuja Verma, Truva AI has created an innovative solution for customer onboarding and retention, leveraging sophisticated AI agents.

By Ramesh Swamy
Thought Leaders

Need More Confidence? These 10 Bestselling Books Will Help Improve Your Self-Esteem

Self-esteem can be hard to come by and even harder to maintain. To give yourself a boost, try these authors' words of wisdom.

By Hayden Field
News and Trends

Whats Fuelling Growth Of Indian Aviation's International Ambitions?

In April 2024, India's international airline capacity reached 7.3 million seats, an increase of 17 per cent from the 6.2 million seats scheduled in the same month in 2019. This change can be attributed to a noticeable shift in spending patterns that emerged after the pandemic, as evident in the increasing inclination of Indians towards international leisure travel

By Shrabona Ghosh