General Data Protection Regulation – India’s Perspective

Last Updated at: Sep 27, 2022


The General Data Protection Regulation (GDPR) that took effect in the EU on May 25 bestows several rights on the EU residents to protect their personal information and imposes restrictions to how companies keep data on them.


General Data Protection Regulation(GDPR) is established by the European Union to protect the personal data of the European citizens. With GDPR introduction, there is strengthening and transparency of the fundamental rights of the citizens. The citizens will have control related to the operating of their private data. GDPR is not a directive but a regulation to be implemented by the 28 countries of the European Union.

If you’re just looking around for related information on startups, government registrations, tax or legal documentation, check out the list of services we provide to make your interaction with government as smooth as is possible by doing all the legal documentation for you. We will also give you absolute clarity on the process to set realistic expectations.


Evolution Of GDPR

Europe has always updated itself with the new privacy policies from time to time. In 1981, to protect the privacy rights of individuals a treaty known as Council of Europe Convention was signed by council of Europe which came into effect in 1985. Again in 1995, under the European Union Privacy and human rights law, Data protection Directive was introduced to protect the processing of the personal data of individuals.

From 2009, there were a lot of conferences and meetings held by European Union to discuss about the protection of data privacy of the individuals according to the modern era. After a lot of discussions and deliberations, GDPR was introduced which was finally drafted and adopted by European Union in the year of 2016. Coming into effect from May 25, 2018 GDPR will be replacing the Data protection Directive policy, 1995.

GDPR – An Overview

General Data Protection Regulation is introduced by the European Union to safeguard the privacy data of European citizens. In this digital age, many of the government organizations, private organizations, non-profit organizations etc. have access to our personal information without our consent and is being misused. There will be transparency and strengthening of the fundamental rights of individuals. Individuals will have the control related to the usage of their personal data.

GDPR is applied to all the citizens residing in European Union. It is also extended to the organizations overseas which operate in EU or have EU citizens as their customers. So, this means that all the major corporations need comply with the rules of GDPR. As GDPR is a regulation and not a Directive it should be implemented by all the 28 countries of European Union and also by the other countries which have EU citizens as their customers.

Because previously each country was having a different law related to data protection. But with this regulation, it is a single law practiced by all the countries European Union is going to save €2.3 billion every year related to administration burdens. If any of the company doesn’t comply with GDPR, then they need to face a penalty of €20 million or 4% of the company worldwide turnover whichever is greater.

Impact On GDPR India

There is a lot of impact on India with the GDPR policy coming up. Europe is one of the major market place for Business process outsourcing, pharmaceutical companies, IT Industry etc. for India. India’s biggest outsourcing market is also the EU. So, for Indian companies to continue doing their business in Europe, they need to comply with policy. Indian data protection laws being GDPR compliant strengthens their stand in the outsourcing market. As GDPR has introduced cross border restrictions, India needs to be careful while it transfers any of the personal data outside European Union. Most of the Indian companies should try to see GDPR as an opportunity rather than taking it as a burden.

India in the recent years has improvised its technology to a great extent and it is still growing. Now, the Indian organizations have a chance to showcase their technology by providing good privacy policies which are compliant to GDPR. For many of the Indian data companies this will be a golden chance to review their information security, their policies which are confidential, data protection policies and make them compliant according to the global standards. This initiative will help the Indian companies to maintain a good business and match with global standards.

Is GDPR A Boon Or A Bane?

So, GDPR is one of the greatest initiatives that has been taken by the European Union in regard to data protection. Though it might be a burden for the companies to comply with GDPR policies (to begin with) but once they comply with the regulation will be sorted out. Under Information Technology Act, 2000 India doesn’t have strong data protection laws at present.

But once if the government starts working towards the IT act and start making the Indian data protection laws strong India will also be able to match the global standards of data protection laws. With this, Indian companies will be competitive again and can increase their market in European Union.

With the GDPR coming in, there is a lot of impact on India. Europe is the main market place for the pharmaceutical companies, IT industry etc. for India. The GDPR has open cross border restrictions, so India has to be careful when tranfering any private data outside the European Union. This initiative has helped the Indian companies to match up with global standards and maintain a good business.