Supratim Chakraborty, Associate Partner, Khaitan & Co.
Supratim Chakraborty, Associate Partner, Khaitan & Co.: “With the GDPR deadline of 25 May 2018 knocking at the door, we are going through an interesting phase. It is a phase of panic, last minute preparations, double checking of steps taken and, for some, a continuing attitude of denial. Most business houses are frantically trying to put their house in order to be compliant with the data privacy and data protection related requirements of GDPR. What is most interesting to note is that the GDPR has forced business entities to sit up and take a serious look at the data that they have been amassing. Even the smallest of start-ups struggled to decipher how much data they have collected, where they have been stored and how they were processed. Therefore, I would say it is a good wake-up call which should be emulated by all businesses. The principles of GDPR are beneficial and could be adopted by all business houses whether there is an EU interface or not. Also, this may be helpful because our domestic law on this subject, which is in the making, may largely adopt the principles of GDPR. Therefore, organizations which are equipped with the principles of GDPR would be future-ready for the new Indian legislation.
Sanjay Gupta, Managing Director, South Asia, Middle East, NICE
Sanjay Gupta, Managing Director, South Asia, Middle East, NICE: Due to the rapid change in technology, the General Data Protection Regulation (GDPR) places the burden of “continuous risk assessment” on the collecting organizations – data controllers and requires that any outside organization processing data – data processor – be GDPR compliant. A recent survey of IT professionals (ESG research) has revealed that only 11% of organizations are completely prepared for the GDPR, a third of organizations say they are mostly prepared, and 44% are enroute to implementing the processes they would like to have in place to meet GDPR requirements.
Rana Gupta, Vice President – APAC Sales, IDP, Gemalto
Rana Gupta, Vice President – APAC Sales, Identity and Data Protection, Gemalto: As regulations catch up, Data Privacy has fast evolved to become a matter of survival for companies. Companies (Boards) that continue to ignore this, risk becoming non-existent almost overnight in the wake of any data breaches. Post the enforcement of Mandatory Breach Notification in Australia earlier this year, Australian organizations reported 63 breaches in the first 6 weeks. Every breach incident has the potential of long term reputational damage to the impacted organization
George Chang, VP, APAC, Forcepoint on the GDPR enforcement
George Chang, VP, APAC, Forcepoint on the GDPR enforcement: India’s Data Protection Law when it comes into effect, is sure to have a major impact on business operations. Organizations in India need to place compliance and data security as a priority considering the cost for violating these privacy laws is about to get very expensive. GDPR can cost up to 20 million Euros or 4% of annual turnover, whichever is higher, for intentional or negligent violations. With those kinds of stakes, investing in compliance now is the only right move for a sustainable business model. Pragmatic compliance does not need to be an expensive exercise too. Expenses are relatively low if implemented with a common-sense approach. Understanding the parameters of the applicable legislation is key to getting it right.
Anant Maheshwari, President, Microsoft India
Anant Maheshwari, President, Microsoft India: To me, this is a golden opportunity for India to drive thought leadership in the global market. We can build expertise and capabilities, create new lines of advisory and consulting businesses, develop a market differentiator and be a source of competitiveness. One merely has to look around to witness how fast India is making strides in its journey towards cloud migration. With millions going online for the first time, protecting their vulnerabilities cannot be compromised in our long march forward. The Supreme Court of India demonstrated its commitment to its citizens when it declared privacy a fundamental right last year, and now the onus is upon us as an industry to play our part.