Indian companies, including startups, have been trying to make sense of the European Union’s General Data Protection Regulation (GDPR), which came into effect on May 25, while taking initial steps to inform their customers about the new law and protecting themselves against a probable punitive action for non-compliance.
To understand this, one needs to understand how GDPR is structured for enforcement. Sanchit Vir Gogia, chief analyst at Greyhound Research, explained that GDPR has various tiers for enforcement where it holds first, second and third parties responsible for data protection.
Giving an example, he said that if an EU citizen were to book a ticket on an Indian travel app or website, then the new law mandates that the company whose financial instrument has been used for the transaction must be GDPR-compliant and that the financial company has to ensure the travel website is also compliant. In case of non-compliance by the Indian company, the EU will send a notice to the financial company to terminate all proceedings with the Indian company or face a ban in the EU till it is GDPR-compliant.
“This is why startups are taking steps to ensure their revenue streams and working partnerships are not hurt,” Gogia said. “The complexity of the new law, and calculating the cost of compliance and non-compliance is taking a toll not only on startups but on other organisations because they have to figure the best path out.”
Gogia said a few startups had started blocking online transactions of EU citizens to put in a proper framework before they are declared non-compliant.
Copyright © 2018 Greyhound Research. All rights reserved.
Sanchit Vir Gogia: Sanchit is the Chief Analyst, Founder & CEO of Greyhound Research, an award-winning global research & advisory firm.