GDPR has come into effect since yesterday along with the UK Data Protection Act 2018. Together these legislation are completely changing the IT business landscape in India.
Already an Austrian Data Privacy Activist Max Schrems has launched three complaints worth a total of Euro 3.9 billion against Facebook, WhatsApp and Instagram through regulators in Austria, Belgium and Germany.
More such insane legal action will follow.
These actions elsewhere in the globe will also have ripple effects in India which is the back end processing center for a large part of personal data processing. To a corporate entity, they can be devastating. Defending such cases particularly in foreign countries could be expensive and it would increase the cost of doing business.
Indian Companies need to be therefore extremely concerned with the damage that motivated activists can do to their business both to boost their ego as well as an instrument of blackmail.
While it is the legitimate right of any individual or an activist to seek legal recourse for any grievance real or imaginary, Courts and Regulatory authorities need to remember that law is there for the benefit of people in general and that “People” include “Legitimate Business”.
But we have to admit that when a primafacie case is made out, the Courts have no option to launch a trial and that itself is a burden on the business.
The first line of defense for Companies is to present it’s case properly to the regulatory authorities so that unfair litigation is killed in the bud.
Knowledge is the tool for such defence and every company and the CEOs and Directors should themselves be reasonably aware of the provisions of data protection laws so that they can ensure that their legal teams find out appropriate solutions to problems that may arise.
I therefore urge the top management team in business to go through an awareness program for themselves before taking action on the basis of recommendations from different consultants and being swayed by the media which will sensationalize most of the issues.
In this direction, Naavi has launched a new online training program on GDPR through Apnacourse.com. I hope it would be of use to companies in first acquiring some basic understanding of GDPR as a regulation and then take steps in compliance.
This online program may not be an end in itself but can be the beginning of a journey in understanding the intricacies of data protection laws essential to protect the existential interest of business.