71% of survey respondents expressed that this regulation will help bring a sense of privacy in business and innovation in ideas
71% Indian enterprises say Global Data Privacy Regulation(GDPR) will help bring a sense of privacy in business and innovation in ideas, according to a recent survey conducted by Deloitte Touche Tohmatsu India LLP (DTTILLP or Deloitte India or Deloitte) in alliance with Data Security Council of India (DSCI).
In addition, particularly small & mid-size EU companies would open up for business possibilities to Indian firms, given the ease of data transfer between organizations. With respect to sectors, IT/BPM, Health, Ecommerce, Manufacturing and Pharma are the five frontrunners of the GDPR readiness journey.
Vishal Jain, Partner, Deloitte India said,” Digital transformation and advanced technologies have enabled enterprises to enhance customer experience. This requires a fair balance between data privacy and accessibility. GDPR brings in a renewed focus to data privacy. While this is a new compliance imperative, it also provides a competitive advantage for businesses. In fact, our survey findings also infer that GDPR can be the new business opportunity for Indian firms. The need of the hour for India Inc is to develop a strategic roadmap of adoption for this policy that is transparent and further allows them to build the next layer of customer trust.”
Rama Vedashree, CEO, DSCI said “EU has been a key geography for Indian IT and has been servicing customers across several verticals including public sector. Innovations in global services delivery models, best in class processes and standardization, attention to data protection has kept India’s IT growth story flying high. Scaling its people, process maturity and harnessing technology solutions for rigorous implementation has enabled driving conformance to data protection regulations in various geographies. Given EU GDPR, and impending India’s Data Protection Law, stepping up focus on Data protection practices and capability building, is a key imperative to satisfy expectations of customers and consumers
As a step forward, this survey laid emphasis on the need for a dedicated privacy team and a Data Protection officer (DPO) as their absence may pose a problem for organizations once the regulations for data privacy of various countries broaden after the enforcement of GDPR. This team would set the ground for Data Protection Impact Assessment (DPIA) that would help organizations identify, assess, and mitigate or minimize privacy risks with data processing activities.
Furthermore, it suggest that it is important for Indian organizations, especially Business Process Management (BPM) organizations, call centres and Business Process Outsourcing (BPO) organizations, to assess their role under GDPR as that of a Data Controller (DC), Data processor (DP) or both, since regulatory requirements for a Data Controller may vary from those for a Data Processor.
