Two out of every three Indian firms lag behind in GDPR compliance: EY

Even as India grapples with the intricacies of the recently released draft Personal Data Protection Bill, chief information officers of large companies are finding it difficult to cope with the European Union’s data protection and privacy regulations that came into effect in May.

With a large number of Indian organisations providing goods or services or monitoring behaviour of consumers in the EU, these firms have kicked off the process to ensure compliance with the EU's General Data Protection Regulation (GDPR).

An EY report titled ‘General Data Protection Regulation: The paradigm shift in privacy’ revealed that 63% of firms who are familiar with the requirements and impact of GDPR continue to lag behind in compliance.

The report assessed the state of GDPR compliance across corporate India based on insights from 80 respondents from sectors including IT/ITes, healthcare, pharmaceuticals, automotive, media and entertainment, banking and financial services. 

The results highlight the advantages of early adoption, setbacks of non-compliance and the challenges faced by organisations in their GDPR compliance journey.

The report further added that there is a pressing need within organisations to have dedicated and skilled resources for data privacy and compliance, the lack of which has been cited as the biggest challenge by over 60% of the respondents in ensuring GDPR compliance.

Three-fourths of the respondents recognised the need to comply with their own information governance policies as the leading factor in their GDPR compliance journey. 

With India having moved one step closer to its first data privacy law following the draft data privacy bill proposed by the Srikrishna Committee, half of the survey respondents confirmed their plans to increase their organisation’s privacy budget in the coming year.

If further showed that one out of every five organisations increased their privacy budgets between 5% and 15% over the past year. A quarter more are planning to increase their budgets in the same range over the next 12 months.

Last week, a committee of experts led by former Supreme Court judge BN Srikrishna unveiled a draft of the Personal Data Protection Bill that will be tabled in parliament. The bill aims to enhance data protection and comes at a time concerns about data breaches are rising not just in India but globally.

In its 213-page report, the panel made a number of recommendations including that all “critical personal data” on people in India should be processed within the country and that cross-border transfer of such data won’t be allowed. It also suggested setting up a Data Protection Authority to implement the proposed law.