Privacy compliance: Action plan for small businesses as GDPR deadline nears

Compliance with the provisions of the GDPR may prove to be both expensive and cumbersome for businesses considering their limited resources.
By Supratim Chakraborty & Sneh Lata

Businesses with a touchpoint in the EU, or transacting with EU users, may already be daunted by the spectre of compliance with the European Union's latest regulation, the General Data Protection Regulation (GDPR).

The GDPR's effective date of May 25, 2018 looms large over several businesses, including startups and SMEs. Compliance with the provisions of the GDPR may prove to be both expensive and cumbersome for businesses, given their limited resources. However, non-compliance with the GDPR may result in massive penalties of up to 4% (four percent) of annual global turnover for the preceding financial year or EUR 20 million, whichever is greater.

While the flow of personal data across national boundaries has expanded the commercial prospects of businesses, it has at the same time raised concerns about the privacy of personal data. A lack of standardisation in data privacy laws has made it difficult for businesses to ensure that they are not in breach of some law in one jurisdiction or another.

The GDPR envisages creating a uniform regime of data protection and privacy law within the EU. One silver lining for smaller businesses is that they are more compact than larger organisations and their processes are more agile. Small businesses are therefore better placed to achieve compliance than large organisations, which are still grappling with the GDPR requirements.

How does GDPR affect businesses?
The GDPR will apply to businesses that have any establishment within the EU. It will also apply where a small business outside the EU offers goods or services to, or monitors the behaviour of, users located in the EU. Any collection of personal data from the EU, including via e-mails, cookies, websites, profiling, geographical location and the like, would therefore fall under the purview of the GDPR. However, the GDPR does exempt businesses with fewer than 250 employees from certain obligations, notably the record-keeping requirement of Article 30. This exemption is conditional: it does not apply where the processing is likely to pose a risk to individuals' rights and freedoms, is not occasional, or involves special categories of data (such as health or criminal-conviction data).

Steps towards compliance?

Compliance with GDPR for Indian businesses
While compliance with the GDPR requires considerable time and effort, small businesses stand to gain a competitive edge from complying, since compliance also reduces the business's own risk exposure. It is also worth noting that India is expected to roll out its own data privacy regulations soon, and these may borrow certain principles from the GDPR. Compliance with the GDPR could therefore go a long way towards compliance with the forthcoming Indian law.

Supratim Chakraborty is Associate Partner & Sneh Lata is Associate, Khaitan & Co.