As General Data Protection Regulation (GDPR) comes into effect across the European Union (EU) from today, Indian startups, consumer-driven firms, fintech companies, and IT services with exposure to the EU may be among the first to feel the initial brunt of these changes.
“Consumer-driven companies that have exposure to the EU in areas like IT services and fintech, that support the banking and other regulated sectors, are likely to be affected first, and have to comply,” said Shree Parthasarathy, national leader – cyber risk services, Deloitte.
As a result of GDPR that essentially is aimed at unifying all EU member states’ approaches to data regulation, ensuring all data protection laws are applied identically in every country within the EU, Indian players in areas like life sciences, manufacturing sector and the government entities will initially find it much harder to comply to the GDPR in time, feels Parthasarathy, adding on a positive note that Indian consumers and regulators may not be subject to the full impact of the EU-wide law in the immediate future as it certainly going to give them some breathing space.
In the wake of GDPR being enforced, Indian IT majors such as TCS, Infosys, Wipro and HCLare already said to be rushing to quickly tweak their vendor and customer contracts signed with EU business partners.
GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. The landmark law also deals with export of personal data outside the region.
A recent research from consulting firm Capgemini showed 85% of EU firms still believe that they were not ready for the new law to come into effect, and one in four said they will not be ready to fully adhere to the law until the end of the year.