Comments
1. What is GDPR?
The GDPR is a regulation in European Union law on data protection and privacy applicable for all European Union(EU) citizens. All organisation are expected to comply with GDPR by 25 May 2018. The GDPR aims at giving control to the residents/individuals over their personal data by unifying and harmonising the data-protection regulations with the strict compliance requirements. The fines for not complying with the regulation can be either 4% of annual global turnover or €20 million - whichever is higher.
2. How does it impact a small business in India with no presence in Europe?
Even if the organisation is not has direct presence in EU, but doing business through its distribution channel and it collect, store, process PI or PII of EU citizens then they come under the purview of the GDPR compliance. This information is used for various purpose such as accounting, auditing, sales & marketing. For e.g.- Hospital specialising in Cancer treatment situated in south of India having EU patients, has to be GDPR complaint.
3. I don't have any European customers and no operations in the country, should I still worry about GDPR?
Yes, if any process or channel/distribution partners in your business operations ecosystem collect, store, process PI or PII of EU citizens. For e.g.: Cloud Service providers, Hotel Industry, Payment Service Providers.
4. Is sending customers GDPR-compliant terms enough?
No it is not. Depending upon the service or product which is utilised by the end –customer, the organisation needs to ensure that appropriate consent has to be taken from their customers through respective distribution channels. The organisation needs to ensure that it receives a notification when their customer revokes its consent to ensure that all the PI and PII are erased. This will unify the customer journey in giving and revoking the consent.
5. I haven't heard any issues related to GDPR so far. Is it not enforceable in India?
EU cannot enforce GDPR in India, GDPR is developed specifically for EU. Businesses who fall under the purview of the GDPR and doesn’t comply will be blacklisted or will not be allowed to do business in EU. Businesses in India have already started evaluating the impact of GDPR on them. Those who fall under its purview have already begin their GDPR compliance journey and those who have not are gearing up for its compliance.
La Quadrature du Net a French non-profit association campaigning on the rights of internet users, said that it has filed five collective complaints with national data protection agency Cnil (French Authority) against Amazon, Apple, Facebook, Google (Gmail, Youtube, Search), and LinkedIn for violating the privacy law. La Quad started inviting people to join its collective complaints six weeks ago. Over that time, the organisation got more than 12,000 people to sign up.
Watch the full interview here
Comments
COMMENT NOW
Comments
Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.
We have migrated to a new commenting platform. If you are already a registered user of TheHindu Businessline and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.