Two trends worldwide are making privacy a big concern-one, the rise of neo-authoritarian regimes globally who are using democratic means to rise to power and two, the increasing entry of technology and companies behind them to our personal space
The GDPR Opportunity
I am in all my senses when I call GDPR an opportunity, notwithstanding how ‘stringent’ and ‘suffocating’ it looks today! Two trends worldwide are making privacy a big concern—one, the rise of neo-authoritarian regimes globally who are using democratic means to rise to power and two, the increasing entry of technology (and of course, companies behind them) to our personal space. I will not be surprised if privacy becomes the biggest political issue in many democratic countries in the next few years!
As the concerns rise, anything with the potential of breaking into individual privacy will be seen with suspicion. Many businesses which have no intention other than to sell their products and services will be under scrutiny, impacting their business.
It is better to be over-prepared.
GDPR—and the privacy legislations being enacted around the world, including in India—give the companies an excellent opportunity to put transparent processes in place.
Complying with stringent international regulations are not new to Indian companies. Being a hub of services—home to many global IT, BPO companies and location for back-offices of many large corporations in the world—Indians have been used to comply with many sector-specific as well as horizontal regulations. It is not surprising that in GDPR compliance too, IT/ITES and BFSI companies are a couple of steps ahead as compared to others. CISOs and CIOs—the ultimate drivers of most compliance journeys—have challenging times ahead.
While GDPR will be relevant for only companies that have something to do with EU citizens data, India is enacting its own regulation. A committee appointed by the Government and headed by a former Supreme Court judge has come up with a comprehensive discussion paper on the issues at hand. In this issue, we present you a set of what we think are the most relevant questions for you—in just 5-6 pages. The document is 233-pages long.
The pace at which the committee is working, I will not be surprised if, by next year this time, we would be discussing the implementation plans for Indian personal data security legislation.
Yes, one of the new requirements may be the appointment of a chief data protection officer. And there may even be provisions that the person should be exclusively devoted to that.
Security professionals will be the first choice. But do we have that kind of talent available? That is another big discussion that we must have.
Hope the year 2017 has been great for you. And wishing you a happy new year 2018.