Yet some organizations, especially in gaming and entertainment, are choosing to let go of their EU clients rather than update global policies. Uber Entertainment and gaming giant Ragnarok
among others chose to follow this path.
Jaspreet Singh, Cyber Security Partner, EY notes,"If any organization has very little exposure to the EU region, then they should look at restricting their business. Organizations are certainly restructuring to minimize their exposure to EU. "
Moreover, it will be difficult for a lot of clients to distinguish between EU and non-EU users as that would require much more investment and it makes sense to have a global company-wide policy to cater to organization-wide needs, he adds.
“So far we haven’t read about an authoritative announcement w.r.t Indian enterprise(s) withdrawing operations/services from the EU because of GDPR.
However, we have come across discussions where India based service providers are renegotiating the terms of business with their customers based in the EU,” said Manish Sehgal, Partner, Deloitte India.
While the negotiations may vary, including discussion around the personal data being received by the service provider to accountability organisation with GDPR
ready systems and processes will have an advantage over its non-GDPR
ready competitors, he added.
Singh highlights that Indian pharma companies that have clinical research engagements with EU citizen, hospitality chains have EU customers, internet, e-commerce, manufacturing as well as banking will have to take efforts to comply with the change. Cost of doing business will certainly change and cost of compliance will be incurred by organizations but it will eventually be helpful for the business to implement GDPR
The Justice Sri Krishna committee
report also talks about a lot of privacy principles that have similarity with EU GDPR
and will, therefore, make sense for Indian companies to comply as a one-time exercise.
Lastly, Sehgal notes GDPR
triggered change (within Indian consumers) may be limited to those interacting with or leveraging services of multinational enterprises however significant portion of consumers in India may be still unaware. Indian consumer will largely change because of the law-of-land i.e. India’s own data protection
Richard Hogg, Global GDPR
& Governance Offerings Evangelist, IBM adds, ”There are hundreds of regulations overlapping security, data breach and retention policies etc. across the globe. What they need to do is to identify and classify data before implementing any of the policies in order to be able to accommodate multiple regulations.”