Data Protection Laws: Should Companies in India be Concerned?

Recently updated on January 17th, 2022 at 11:15 pm


“It’s not personal. It’s strictly business.” No, Michael Corleone. You were absolutely wrong! It just got personal. Very, very personal. Companies today have access to the personal data of millions of employees, customers, vendors and other stakeholders. With this data explosion, safeguarding personal information has become increasingly important.

It’s easy to blame technology for this. However, the breach of personal information is not limited to the online space. Consider the visitor log book people are required to fill before entering an office. They put their names, phone numbers and addresses there, and this information is then out there. In the absence of technology like visitor management software, companies can neither protect this data nor analyze it to gain any insight.

More recently, data protection has come into the limelight and companies are being held responsible for this. Remember Mark Zuckerberg being grilled for this? Now, Facebook proudly mentions that it complies with the EU data protection law! The European Union was the first region to enforce certain standards for data protection.


GDPR (General Data Protection Regulation)

“Data is the new oil,” said notable British mathematician Clive Humby. It is indeed of such importance that it needs to be regulated and used wisely!

The EU’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018. The main objectives of the GDPR are to provide citizens greater control over their personal data and ensure organizations adopt suitable measures to ensure a high level of protection when they store or use this data.


What Does That Mean for Indian Companies?

To begin with, any company with any kind of a presence in Europe needs to comply with the GDPR. The need for compliance is not restricted to firms incorporated there, but also extends to companies that offer goods or services in the region.

The EU reforms are just the beginning. Sweeping data protection laws may come into effect globally. The clock is ticking, and companies need to begin preparing for this. You may be tempted to say that it will take India years to implement such regulations. Well, a bill has already been proposed!


Indian Jurisprudence on Data Protection

Data protection rules could undergo a major transformation in India. In July, the Justice Sri Krishna Committee released the first draft of the Personal Data Protection Bill, 2018. The draft draws from both EU’s GDPR and India’s Information Technology Act, 2000.

Here are some of the provisions that could significantly impact Indian companies:

  • Prior to obtaining personal information, the consent of the person needs to be sought
  • Such persons need to be informed about the purpose or use of their data
  • The person in question must continue to have access to the information, including the right to copy, modify or seek removal of the data
  • The company collecting the data needs to seek approval of the person before transferring their contact and other information to any third party
  • The data must not be retained for longer than is necessary to achieve the intended purpose
  • In case data is stolen, the persons involved must be notified within seven days.


The onus of ensuring these rules are complied with rests with the organization collecting the data.

Although this bill seems less harsh than the EU’s GDPR, it does have implications for companies here. The costs associated with compliance could involve new processes and personnel. Companies may turn toward technology to provide a cost-effective solution to ensure compliance.

Again, you may say that companies in India are years away from adopting such technology, right? Not so. Companies like Max Life Insurance, Royal Bank of Scotland, Mercedes Benz, EY, Bharti and Dainik Bhaskar have already upgraded to the Veris advantage. This is a visitor management system that has enabled companies to improve security and data protection, while enjoying higher efficiency. By foregoing the visitor log book, these companies not only save several manhours every day, but also ensure that their visitor data is not misused and, instead, is available for critical decision making.

By adopting such technological advantages, companies can increase trust among stakeholders, helping build stronger business relations.