With only 10 days left for the new European Union data protection regulations to kick in, Indian technology services companies are making sure they are compliant with the new rules.
The General Data Protection Regulation is a new law on data protection and privacy for all individuals within the European Union and lays down the rules for transfer or export of data outside the EU. It will come into effect on May 25.
The main aim of the GDPR, as per its website, "is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world".
The Indian information technology industry, which derives 11 percent of its near $170 billion revenue from Continental Europe, is making sure it is compliant with the new directives in its third largest market.
But they are not necessarily looking to hire fresh for the upcoming change - cybersecurity professionals, legal teams and so on are doing the work for now.
“Wipro leverages the internal talent pool across legal, enterprise risk management, information security, cyber security & risk services to meet the techno –legal requirements of GDPR. Certifications & trainings are an integral part of the compliance program and continue to remain a focus area. Wipro also uses external SMEs for techno-legal support wherever necessary,” Deepak Acharya, General Counsel and Global Head- Legal at Wipro Limited told Moneycontrol in an email response.
The Data Security Council of India, set up by IT industry body National Association of Software and Services Companies for research and best practices on cybersecurity and privacy, is engaging with member companies to smoothen out the process.
“Nasscom and DSCI are quite engaged in capability building,” said Rama Vedashree, the chief executive of DSCI. “We have been facilitating overall privacy training…and see the public and private sector generally getting their act together on GDPR,” she added.
The demand for skilled professionals to address GDPR is already exceeding supply. “The need for GDPR resources is high in data rich industries such as digital marketing finance healthcare and retail,” said Alka Dhingra, Business head, technology at staffing firm Teamlease.
She added that more than 75,000 jobs are expected around the globe in GDPR. “In India, the job listing has gone up by 36 percent, as have the data protection officer job listings over 18 months,” Dhingra said.
Research firm Gartner has said that by the end of 2018, more than 50 percent of companies affected by the GDPR will not be in full compliance with its requirements.
Indian IT firms, including mid sized and even business process management firms, are looking to be compliant when GDPR comes into effect.
“HGS started its GDPR review well in advance, and in the last few months, the compliance team has been carrying out rigorous assessment/ review of our operations, data storage, IT controls, employee data and client communication process. We have upskilled our teams across functions to deal with the new compliance regime. Hence, we are confident of being GDPR ready by the due date,” said S Mahadevan, Executive Vice President, Legal Compliance & Risk Management of BPM firm Hinduja Global Solutions.
The change is not likely to have a significant cost impact in the current quarter, but non-compliance will mean serious issues for organisations that have a sizeable business in the EU region.