The new stringent data privacy norms in Europe are proving to be a nightmare for data processing companies. These companies have a hard time getting data for processing, which may adversely affect their business. In addition, they have to invest heavily in building hardware and software infrastructure to be compliant with the new norms, say industry players.

The General Data Protection Regulation (GDPR) is a law on data protection and privacy for all individuals within the European Union and the European Economic Area. It came into effect in EU on May 25. The new law gives the citizens greater rights over their personal data, which they can access, port and delete, upon request.

Anindya Datta, Founder and Chief Executive Officer, Mobilewalla, a US-based consumer intelligence platform, said their current operations in EU, which accounts for 10 per cent of their revenue, were affected due to the implementation of the privacy law.

Lack of clarity

Typically, companies in the data processing space buy or acquire data for processing depending on their client’s needs like digital marketing, targeted advertising or understanding consumer preferences. GDPR is hard on them because most of data collectors have stopped selling data following GDPR implementation. Additionally, they need to ensure that their collectors are also GDPR compliant. Moreover, it puts them at a high risk as there is no clarity on what can be deleted.

Mukul Shrivastava, Partner, Fraud Investigation and Dispute Services, EY, said the companies should be able to identify where PII (personally identifiable information) is stored and build infrastructure to access and delete data on request. But this technology is expensive.

Building technology infrastructure could cost anywhere between few lakh rupees and a few crores depending on the volume of data a company handles, he said.

With such significant investment, some feel that end user cost could go up. According to an industry source, there is a possibility that the cost of data for an end user, a corporate for instance, might go up as it has to compensate the high risk associated with the business.

“Going forward privacy is going to be important,” said a senior director associated with a consultancy firm. Given that privacy is here to stay, the source said that companies that prioritise privacy will have a competitive edge in the coming years.

Datta agreed that companies that are trying hard to be GDPR-compliant will have the first mover advantage. It is one of the reasons why Mobilewalla is continuing its operations in Europe when many of its peers have made an exit, he said.

comment COMMENT NOW