GDPR for Indian Companies

This note is based on experience with more than 20 Indian startups and small and mid-sized companies.
GDPR is going to affect a lot of Indian companies in many ways, but the key way in which it affects them is by restricting their growth and business potential.

The Indian culture is such that CEOs are just not ready to comply, and GDPR is not a light regulation. It places enhanced obligations on all companies to consider privacy as a key risk and monitor it accordingly.

Another challenge facing Indian companies is that they are typically companies of 50 to about 200 employees with very poor information security controls, while GDPR requires under Article 32 that a company have strong technical and organisational measures to ensure data protection.

In such a scenario, small companies are forced to significantly improve their information security controls, which means a lot of financial expenditure. At this juncture, companies evaluate the pros and cons of compliance: should they spend and comply, or rather lose that one client that is giving them the business?

Small Indian companies are generally concentrated, doing business with a few large overseas clients. These companies believe that if they are able to convince these few clients and win their confidence, then there really isn't any requirement to comply. But as Riskpro India has seen while consulting on several data protection assignments with these companies, it is those few large clients that will make the push, because the larger the clients you have, the more compliance-oriented they tend to be.

So, a piece of advice: GDPR is not a one-time activity but an ongoing compliance requirement. Unless companies understand this key difference, compliance will be merely a tick-box exercise and will result in large regulatory penalties for such companies. Just putting together a set of policies, papers and procedures, running a few trainings here and there, and then telling the world that you are GDPR compliant does not help. Instead, the company should be understanding the privacy risk, building a culture of improving data protection across the organisation, and enhancing its information security controls.

If you look at it, the things that are really important are not many but a few, and many small companies can easily comply with these. The following are the key requirements for companies:

• The company needs a privacy policy that explains exactly what kind of information is collected, how it is collected, and that data subjects have rights under the policy.

• This document should also outline what type of minors' data processing occurs, and any cross-border transfers and recipients of data.

• A robust and clearly articulated process for collecting consent and storing evidence of it is absolutely critical. Small companies tend to blast out emails and engage with customers and potential customers through direct marketing without realising that there are multiple regulations that impact the organisation. It is not just GDPR that they have to comply with; there are also regulations similar to PECR and E-privacy, so you can imagine trying to follow and comply with one regulation while ignoring the fact that there are parallel regulations out there.

• Such confusion totally impacts these companies, and in the end they are better off not complying at all rather than complying half-heartedly and without realising the overall impact of their activities.

To conclude, under such circumstances it is absolutely important that these Indian companies carry out a detailed GDPR gap assessment and identify the core and key areas of non-compliance. After that, a project plan should be designed in which all the tasks and actions are outlined.

CONTACT
If you would like to learn more about how Riskpro India is helping Indian companies to meet GDPR compliance, drop an email to info@riskpro.in
