GDPR – Max impact on tech sector & data driven organizations

Reported by: |Updated: July 31, 2018

                                             Akhilesh Tuteja & Kunal Pande

“We can comprehend the implications of GDPR on Indian entities by having a look at its extra-territorial applicability,” say Akhilesh Tuteja, head of risk consulting, and Kunal Pande, partner for IT advisory, at KPMG India, in an interview with Banking Frontiers. Speaking about GDPR and its importance, they say EU’s GDPR has adopted a triad approach of applicability. “If any Indian entity has an establishment in EU, or if it offers goods and services to customers in EU or even if it carries out monitoring of EU data subjects, then such entity is obliged to comply with GDPR,” they maintain.

They also add: “Business relevance of personal information has been on a growing path in India. It has created a continual dependency of Indian organizations on such data and thus the need for a dedicated law to protect the rights and freedoms of individuals while harmonizing it with the business interests of organizations becomes inevitable. In India, the impact of GDPR is more on data-driven organizations and sectors which are technology-intensive. Indian IT/ITeS companies earn close to 30% of their revenue from European market. Financial institutions in India would need to look at GDPR from two perspectives – one as an entity performing activities that require them to adhere to GDPR and as an entity that is back office (and head office) supporting operations of branches/ subsidiaries in EU.

Additionally India, being a growing economy, would be required to keep pace with laws like GDPR. A progressive step in India can be to enforce similar laws and regulations for ensuring free movement of personal information in the market while securing individuals’ freedoms,” they aver.