Will Europe’s New Data Protection Regulations Impact Indian Tech Sector? Here’s What We Must Take From GDPR

Gdpr Protection Business Regulation General

Is the General Data Protection Regulation (GDPR) going to have any impact on organisations outside India? This is a question many Indian startups and enterprises are grappling with as Europe races to embrace GDPR regulations coming into force by 25 May.

Organisations are worried about whether GDPR would have any profound impact on companies in India. GDPR rules apply to players who are operating outside EU and are targeting data subjects there. The bottomline is clear — if you offer services to EU-based customers or mine their personal data, then the service provider comes under the purview of GDPR guidelines. It’s not just the IT and ITes companies who operate outside EU, most pharma and financial companies also have increased their geographic footprint in Europe.

Indian Companies Gearing Up For GDPR

As of now, India lags behind data privacy laws but is now playing catch-up by appointing a committee to develop a framework for data privacy rules in India. The panel is reported to submit the recommendations by end of May.

According to a Deloitte report, Indian service providers who collect and mine personal data extensively will need to understand the requirements under the new law and become GDPR compliant to find new avenues and renew existing contracts. The report cites that Indian tech companies who are data collectors and data processors should have prepared well before 2018 for GDPR.

The changing guidelines mean Indian companies will have to assess and redesign their data-intensive business processes such as data acquisition, processing and data management, in compliance with the guidelines. This would also require companies training their stakeholders and significantly redesign their business processes and controls in activities ranging from sales, marketing, pre-sales, project costing, data acquisition, data processing, data management (retention and purging), compliance and reporting.

According to industry veteran Sreekanth Nemani who told a leading magazine, GDPR means  companies will have to follow data protection measures like encryption for better and effective data protection.

Given The Massive Ramifications For Tech Companies Outside EU, Here Are A Few Ways Companies Can Ready Themselves For GDPR

Training Respective Stakeholders: An Accenture report indicates that in the past, data controllers were tasked for data protection. Now, with GDPR coming into force, companies which provide data processing services, such as cloud services, can also be held liable for compliance risk and obligation. Which means that accountability for data protection will trickle down the data supply chain to web-based companies which will have to reimagine their business processes to avoid significant implications such as fines to the tune of 4 percent on global turnover.

Tightening Internal Privacy Controls And Ensuring Data Portability: The Accenture report notes that as per the GDPR guidelines, enterprises should put in place certain privacy controls into systems and processes that make use of personal data. Also, tech companies also need to engineer secure solutions to allow users more visibility into their data when they wish it to be transferred. For companies to transfer individual customer data, they require capabilities to structure data to be portable and manageable across various platforms.

Shore Up Staff On Data Privacy: A key takeaway from GDPR would be the increased hiring of data security and data privacy practitioners. Web-based companies who operate large amount of data will have to fill positions of Data Protection practitioners who will further establish processes that provide increased collaboration across business functions and understand compliance requirements around GDPR.


Kamal Brar, who leads the Hortonworks business in APAC observed in a business daily that Indian enterprises can also strengthen their data privacy measures and empower their users in the same manner. Indian tech companies should also take note of the strong GDPR measures and understand its long term benefits. He emphasised that by drawing on the GDPR guidelines, Indian companies put in a framework for the portability of data, gathering data by electronic consent and also consent regarding the use of data. He emphasised that Indian enterprises can borrow from GDPR guidelines and build technology deployments in areas like banking, healthcare and finance etc, to strengthen data privacy rules.

Download our Mobile App

Richa Bhatia
Richa Bhatia is a seasoned journalist with six-years experience in reportage and news coverage and has had stints at Times of India and The Indian Express. She is an avid reader, mum to a feisty two-year-old and loves writing about the next-gen technology that is shaping our world.

Subscribe to our newsletter

Join our editors every weekday evening as they steer you through the most significant news of the day.
Your newsletter subscriptions are subject to AIM Privacy Policy and Terms and Conditions.

Our Upcoming Events

15th June | Online

Building LLM powered applications using LangChain

17th June | Online

Mastering LangChain: A Hands-on Workshop for Building Generative AI Applications

Jun 23, 2023 | Bangalore

MachineCon 2023 India

26th June | Online

Accelerating inference for every workload with TensorRT

MachineCon 2023 USA

Jul 21, 2023 | New York

Cypher 2023

Oct 11-13, 2023 | Bangalore

3 Ways to Join our Community

Telegram group

Discover special offers, top stories, upcoming events, and more.

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Subscribe to our Daily newsletter

Get our daily awesome stories & videos in your inbox

Is Sam Altman a Hypocrite? 

While on the one hand, Altman is advocating for the international community to build strong AI regulations, he is also worried when someone finally decides to regulate it