Do GDPR has any impact on Indian sites? Do Indian websites or blogs need to be GDPR compliant? How should an Indian company deal with GDPR?
person
brightness_auto
5 Answers
Yes, any business that collects or processes data from EU citizens is subject to GDPR, even if it's outside the EU. Of course, if you only deal with Indian customers, then you don't have to bother. But any company with a global presence should take urgent steps to become compliant. The process can be quite costly, with all the legal and consulting fees on top of changes to the systems, but it can benefit companies by making their services more trustworthy for their users. In fact, data protection is a theme that's being discussed for quite a while in many countries, so we can expect to see further changes in legislation following GDPR. So even if your company isn't operating globally, it's worth investing in data protection strategies and solutions.
Yes, GDPR is applicable to India. Indian websites, blogs and companies must comply with GDPR in order to protect the personal data of their customers, employees and other users. Companies in India should implement appropriate technical and organizational measures to protect personal data and must ensure that data is collected and processed lawfully, fairly and in a transparent manner. Additionally, companies must ensure that any third-party service providers they use comply with GDPR. Companies should also ensure that they have appropriate policies in place to deal with data breaches, data subject requests and other GDPR related issues.
No matter whether the processing of data takes place inside the EU or outside of it, it must adhere to the rules outlined in Article 3 (Territorial Scope) of the GDPR. This implies that Indian businesses must follow the GDPR's rules or risk being banned from doing business and facing severe fines and litigations.