Are Indian Companies GDPR Ready?

By Team CR Friday, 25 May 2018

Deloitte in collaboration with Data Security Council of India (DSCI) jointly conducted a survey to study the preparedness and alignment of companies based in India towards the requirements mandated by the European Union’s (EU) General Data Protection Regulation (GDPR).

Indian organizations are getting up to be ready for GDPR. Since this regulation touches all aspects of organization operations, it was noted that more guidance and support would help to accelerate efforts in this transformation.

The survey’s objective was to gauge the GDPR readiness process and the overall alignment towards the privacy of Indian organizations.

The results of the survey indicate that organizations are pursuing a wide range of readiness approaches.

Commenting on the GDPR roll-out and the current scenario Shree Parthasarathy, Partner, Deloitte India opines “Indian businesses are battling severe issues of data protection and cybersecurity that have larger business implications on productivity and customer confidence. GDPR is a welcome step towards addressing privacy issues, as it now brings data protection at the forefront. Embracing GDPR with a strategic roadmap should be the immediate priority for Indian CXOs, that would include creating awareness, training as well as the constitution of a dedicated data protection framework. GDPR can be a competitive advantage for India. If enterprises understand its relevance and further bring in a risk-based iterative mechanism to their business strategy that is trustworthy secure, and agile in the digital world.”

Key highlights from the survey are as mentioned below:

  • Early Starters: Large organizations (21% of respondents), embarked on their GDPR readiness journey in 2016 itself. Whereas, 43 % of organizations started their GDPR readiness journey only in late 2017 or early 2018
  • Accountability: As per the results of the survey, top-rated roles identified as accountable for GDPR compliance were Data Protection Officer / Chief Privacy Officer and Chief Information Security Officer. Furthermore, 35 % of the organization, defined DPO as a full-time role
  • Need of the Hour: A considerable percentage of respondents (60 %) believe GDPR would give them the competitive advantage of some sort, and 70 % believe GDPR would bring a sense of privacy to their processes
  • Dedicated privacy team: The responses suggest that the size of a privacy team is relative to the size of the organization. 57 % of organizations believe in having a privacy team to drive this transformation
  • Spreading Awareness: To work towards this goal, organizations have already adopted a wide range of approaches to spread awareness about this new regulation. For instance, 72 % of organizations have initiated programs for privacy awareness and training requirements


Current Issue