Indian companies need to ready themselves for the EU General Data Protection Regulation (GDPR), which comes into effect from 25 May 2018, said global consultancy firm PwC.
The EU GDPR will usher in a new data and privacy protection regime that gives regulators unprecedented power to impose fines, requiring large-scale privacy changes across organisations, including India-based companies, if they conduct business in Europe, it said.
A survey by the consultancy firm shows that 56 per cent of companies have an overall information security strategy, while 53 per cent still require employee training on privacy policy and practices.
It noted that 51 per cent of companies have an accurate inventory of personal data, 49 per cent limit personal data collection, retention and access to the minimum necessary, and 46 per cent require third parties to comply with their privacy practices.
“It is important for Indian companies to brace up their security which will help them embrace GDPR. It is important for the companies to inform and educate their key stakeholders on the impact, enabling right planning of resource allocation with a right time-frame,” said Sivarama Krishnan, Leader, Cyber Security, PwC India.
Under GDPR, all organisations will have to report specific types of data breaches to the supervisory authority and, in some cases, to the individuals affected, PwC said. Reporting of breaches to individuals is critical in the case of high-risk data where the breach could typically result in discrimination, damage to reputation, financial loss or loss of confidentiality to the individuals affected, it said.