Many Indian firms, including some of those with Rs 10,000 crore revenue, have been found to be lagging on compliance of European Union data protection rule, according to a survey conducted by advisory firm EY.
"63 per cent of those who are familiar with the requirements and impact of GDPR, continue to lag behind in complying with GDPR," the EY report said.
The survey was conducted in April-June period after European Union's General Data Protection Regulation (GDPR) came in to effect on May 25, 2018.
It covered 80 firms, which included 11 per cent companies with revenue of over Rs 10,000 crore, 4 per cent with Rs 5,000-10,000 crore, 16 per cent with Rs 1,000-5,000 crore range, 22 per cent between Rs 500-1,000 crore and 47 per cent having less than Rs 500 crore income.
The GDPR has stringent penalty provision of USD 20 million or 4 per cent of global turnover of company, whichever is higher.
"The implementation of EU's GDPR has further propelled an organisation's journey towards safeguarding data and building the right security
infrastructure for its customers and stakeholders alike. With India having moved a step closer to having its first data privacy law, there is a greater urgency for organisations to strengthen their compliance framework and view privacy as an opportunity to gain competitive advantage," Guru Malladi, advisory markets leader, EY said.
Around 30 per cent of the firm surveyed with over Rs 10,000 crore revenue were found to be familiar with the requirements and impact of GDPR but continue to lag behind in complying with GDPR. While percentage of firms with revenue below Rs 500 crore stood at 41 per cent.
"76 per cent of the organisations recognise the need to comply with their own information governance policies as the leading factor in their GDPR compliance journey," the survey found.
This included 27 per cent of firms with revenue above Rs 10,000 crore, Rs 1,000-5,000 crore and below Rs 500 crore.
"60 per cent cited inadequacy of skilled talent as a major obstacle in their GDPR compliance journey," the survey said.
Skilled talent challenge was recorded highest in firms with revenue of less than Rs 500 crore at 46 per cent, followed by 19 per cent in Rs 500-1,000 crore range, 17 per cent in Rs 10,000 crore bracket and 14 per cent in Rs 1,000-5,000 crore range.
However, 50 per cent of the firms, who neither have customers or suppliers in EU, have plans to increase their privacy spends in the coming year, the report said.
"Law such as EU's GDPR and India's draft Personal Data Protection Bill 2018 are bringing tectonic shifts in the world of privacy. Recent cases of data leakage and hacking has brought the impact on privacy, data protection, consumer rights, trust in digital platforms and cybersecurity to the forefront," Arpinder Singh, Partner and Head for India and Emerging Markets, Forensic and Integrity Services, EY, said.
Misusing user trust by selling their data for profit to third parties without explicit consent will prove to be a challenge for companies, particularly those where harvesting user data is core to business operations. Over the next two years, we will see an increasing number of countries adopting similar data privacy laws to drive increased accountability and safeguard critical information, Singh added.