GDPR: Impact on Indian Companies


Europe is a considerable commercial center for the ITES, BPO and pharmaceutical industry in India.
The size of the IT business in the top two EU member states (i.e. Germany and France) is estimated to be around 155–220 billion USD. For the Indian IT industry to keep doing business in Europe, it needs to comply with the GDPR. In case of non-compliance by Indian organizations, the GDPR imposes a penalty of 20 million EUR or 4% of an organization's worldwide turnover.
Indian companies have to take immediate steps to look closely at the requirements of GDPR compliance.
They need to take the following steps:
  • Create and modify privacy policies, procedures and compliance programs.
  • Conduct data privacy trainings for all employees.
  • Conduct information disclosure practices and maintain documentation to show visibility of the personally identifiable information (PII) processed.
  • Document legal basis for processing, communicating privacy notices and recording consent (where applicable).
  • Establish processes to:
      a) Manage data subject requests.
      b) Enable data breach notification.
      c) Perform data protection impact assessments (DPIAs) for high-risk processing activities.
      d) Embed privacy by design requirements into existing/new processes, solutions and technologies processing PII.
  • Update vendor governance programs to include security and privacy due diligence, review/update contracts with GDPR obligations and establish a process around periodic compliance monitoring.
Organizations need to look at many aspects as part of their compliance efforts. They have to develop a vision and strategy for compliance with the GDPR. They need to assess the gaps between their current compliance program and the GDPR requirements, and then analyze the associated risks.
The organizations have to create an accountability framework for data protection compliance and also develop an organizational structure which is needed to facilitate compliance. They have to document processing activities and data flows and review the lawful processing bases and the third-party contracts.

Areas which companies need to focus on under the GDPR:
  • Data processing
  • Notice and consent
  • Data subject rights
  • Accountability
  • Cross-border data transfer
  • Third-party and vendor management
  • Transparency of information and communication
  • Data security, storage, breach, breach notification
  • Training and awareness

Challenges faced by Indian companies for compliance with GDPR are:
  • Weak data protection law in India: India’s outsourcing industry, which is estimated to be worth more than 150 billion USD, contributes almost 9.3% of the GDP. The EU has been one of the largest markets for the Indian outsourcing sector, and India’s generally weak data protection laws make us less competitive than other outsourcing markets in this space.

  • Cross-border restrictions: Largely inflexible, the GDPR reduces the extent to which organizations can assess risks and make decisions when it comes to transferring data outside the EU. Indian organizations would need to implement adequate safeguards, as required under the GDPR, in order to transfer personal data outside the EU, thereby further increasing compliance costs.

  • Greater risk of penalties and litigation: Article 3 (Territorial scope) of the GDPR makes it clear that the regulation will be applicable regardless of whether the processing takes place in the EU. This means either no business for Indian organizations that do not comply with the GDPR, or increased compliance costs for those that do, along with the risk of huge penalties for failing to do so.

The GDPR and its requirements may seem overwhelming to many organizations at first glance. There is also a cultural change in the way organizations are beginning to handle personal data and provide services to their customers. Current developments and changes being proposed in our privacy landscape, combined with strong technical capabilities, give Indian organizations great opportunities to align their services and data handling processes with global standards and become market differentiators in the field of data privacy and protection.

How Can Codec Networks Help?
Codec Networks is a PECB-certified training provider, and we have trainers with 25-plus years of industry experience. We are one of the select few premium providers of GDPR DPO Certification in Delhi/NCR.
Our 5-day bootcamp covers the whole spectrum of GDPR CDPO training.
Day 1: Introduction to the GDPR and initiation of the GDPR Compliance
  • Course objective and structure
  • General Data Protection Regulation
  • Initiating the GDPR Implementation
  • Understanding the Organization and Clarifying the Data Protection Objectives
  • Analysis of the Existing System
Day 2: Plan the implementation of the GDPR
  • Leadership and approval of the GDPR Compliance Project
  • Data Protection Policy
  • Definition of the Organizational Structure of Data Protection
  • Data Classification
  • Risk Assessment under the GDPR
Day 3: Deploying the GDPR
  • Privacy Impact Assessment (PIA)
  • Design of Security Controls and Drafting of Specific Policies & Procedures
  • Implementation of Controls
  • Definition of the Document Management Process
  • Training and Awareness Plan
Day 4: Monitoring and continuous improvement of GDPR compliance
  • Operations Management
  • Incident Management
  • Monitoring, Measurement, Analysis and Evaluation
  • Internal Audit
  • Data breaches and corrective actions
  • Competence, Evaluation and Closing the Training
Day 5: Certification Exam
