Indian companies need to ready themselves for the EU General Data Protection Regulation (GDPR), which comes into effect from May 25, said global consultancy firm PwC. The EU GDPR will usher in a new data and privacy protection regime that gives regulators unprecedented power to impose fines, requiring large-scale privacy changes across organisations – including India-based companies – if they conduct business in Europe, it said.
The PwC Global State of Information Security Survey (GSISS) 2018 shows that 56 per cent of companies have an overall information security strategy while 53 per cent still require employee training on privacy policy and practices.
It noted that 51 per cent of companies have an accurate inventory of personal data, 49 per cent limit personal data collection, retention and access to the minimum necessary, and 46 per cent require third parties to comply with their privacy practices.
“It is important for Indian companies to brace up their security which will help them embrace GDPR. It is important for the companies to inform and educate their key stakeholders on the impact, enabling right planning of resource allocation with a right timeframe,” said Sivarama Krishnan, Leader, Cyber Security, PwC India.
Under GDPR, all organisations will have to report specific types of data breaches to the Supervisory Authority and, in some cases, to the individuals affected, PwC said.
Reporting of breaches to individuals is critical in the case of high-risk data where the breach could typically result in discrimination, damage to reputation, financial loss or loss of confidentiality to the individuals affected, it said.