Comments from Khaitan & Co. on GDPR (General Data Protection Regulation )

“With the GDPR deadline of 25 May 2018 knocking at the door, we are going through an interesting phase. It is a phase of panic, last minute preparations, double checking of steps taken and, for some, a continuing attitude of denial. Most business houses are frantically trying to put their house in order to be compliant with the data privacy and data protection related requirements of GDPR. What is most interesting to note is that the GDPR has forced business entities to sit up and take a serious look at the data that they have been amassing. Even the smallest of start-ups struggled to decipher how much data they have collected, where they have been stored and how they were processed. Therefore, I would say it is a good wake-up call which should be emulated by all businesses. The principles of GDPR are beneficial and could be adopted by all business houses whether there is an EU interface or not. Also, this may be helpful because our domestic law on this subject, which is in the making, may largely adopt the principles of GDPR. Therefore, organizations which are equipped with the principles of GDPR would be future-ready for the new Indian legislation.

Supratim Chakraborty, Associate Partner, Khaitan & Co.

Whilst business houses are rushing towards accomplishment of their data privacy and protection related goals pertaining to GDPR, one should remember that 25 May 2018 is merely the starting day of the journey. The GDPR journey would be a continuous one and would have to constantly evolve. The activities laid down in GDPR can never be static. It would require continuous working by organizations. Therefore, it is best not to have a quick fix type of attitude towards GDPR compliance. It is not only about what one writes in the policies and notices but also what they actually follow and practice whilst collecting and processing data. These are interesting times and the ones who plan properly, stay dedicated to the implementation of their plan and also continuously evolve their strategy to adhere to the gold standards of GDPR would come out the winner. GDPR compliance should not only be looked at as an effort and money draining exercise but also as a business advantage which can be a differentiator in the market. An entity compliant with GDPR requirements would definitely command more confidence from customers as compared to those who do not.”

1