Companies with EU operations face liabilities due to GDPR
If global customer data stored in India gets leaked, Indian businesses could face huge penalties in Europe, ranging from 20 million euros to 4% of global turnover.
By Mayur Shetty, TNN |
Cost of compliance is set to significantly rise for Indian banks and companies with an exposure to the European Union with the General Data Protection Regulation (GDPR) coming into effect from May 25 in the common market. If global customer data stored in India gets leaked, Indian businesses could face huge penalties in Europe, ranging from 20 million euros to 4% of global turnover. The stringent fines are causing some companies with small businesses to rethink their businesses in EU.
Speaking to TOI, EY partner (information security) Jaspreet Singh said that it is a popular misconception that the GDPR will impact only information technology (IT) and IT-enabled services (ITeS) companies. “Since IT and ITeS contribute 8% of GDP and a lot of business is offshore, they will be impacted more. However, banks also collect a large quantity of customer data, and to that extent they will be liable,” he said. He added that the law will also have a huge impact on manufacturing, hospitality, and other financial services that have an exposure to EU.
The law requires companies to obtain explicit consent for all services without getting them to click a single ‘I accept’ button for a blank approval for using personal data. “Consent has to be separately taken when data is used for advertising, marketing or service-related request and the customer must provide an explicit opt-in for each of this,” said Singh.
Second, customers will have to be provided the option to delete personal data. “Companies will have to put in ‘right to be forgotten’ request. The only exception to comply with this request is legal requirements for preserving data as prescribed by the laws of the land,” said Singh.
Speaking to TOI, EY partner (information security) Jaspreet Singh said that it is a popular misconception that the GDPR will impact only information technology (IT) and IT-enabled services (ITeS) companies. “Since IT and ITeS contribute 8% of GDP and a lot of business is offshore, they will be impacted more. However, banks also collect a large quantity of customer data, and to that extent they will be liable,” he said. He added that the law will also have a huge impact on manufacturing, hospitality, and other financial services that have an exposure to EU.
The law requires companies to obtain explicit consent for all services without getting them to click a single ‘I accept’ button for a blank approval for using personal data. “Consent has to be separately taken when data is used for advertising, marketing or service-related request and the customer must provide an explicit opt-in for each of this,” said Singh.
Second, customers will have to be provided the option to delete personal data. “Companies will have to put in ‘right to be forgotten’ request. The only exception to comply with this request is legal requirements for preserving data as prescribed by the laws of the land,” said Singh.
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
Download
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
Related Articles
Paramount, Warner Bros deal under EU subsidy scrutiny, decision due July 14ADVERTISEMENT
