In 2017, India’s Supreme Court finally recognised that individuals have a right to privacy concerning their personal data, overturning a ruling made almost 60 years ago.
A lot has changed in that time. Personal data has become the backbone of many organisations, as they gather vast amounts of information on people to use in ways that people aren’t always aware of. The court recognised the need to moderate the way data is used, singling out tech companies such as Facebook, Alibaba and Airbnb, which all rely almost exclusively on collecting and using users’ data.
“This can have a stultifying effect on the expression of dissent and difference of opinion, which no democracy can afford,” the court said. “There is an unprecedented need for regulation regarding [how] such information can be stored, processed and used.”
What’s at stake?
Although the court’s decision is a landmark ruling, its effects will only be seen when data protection laws reflect these changes. The existing Information Technology Rules, which govern many aspects of protection and privacy, are poorly enforced, and as time goes by it will only get harder to manage the way organisations use personal data.
That’s because the amount of data being shared is growing exponentially across the globe, and India is no exception. Improved infrastructure in the country has led to many more Indians gaining access to the Internet: in 2016, 28% of people in India had access, but a Cisco report says that figure will rise to 59% by 2021.
The recognition of personal privacy comes as organisations prepare for the EU General Data Protection Regulation (GDPR). The GDPR acknowledges the changes in the way data is used in the digital age, strengthening individuals’ rights and organisations’ requirements concerning data handling.
Even though it’s an EU regulation, the GDPR applies to any organisation in the world that collects EU residents’ personal data. This will undoubtedly include many organisations in India, particularly those that collect personal data over the Internet.
As India makes strides towards fully joining the digital age, it also needs to recognise the responsibilities that come with that. Data privacy is just one part of the equation. The other part is security. An organisation can give people all the rights they like, but if it fails to protect their information from breaches, its efforts will be in vain.
Data breaches have become more common in India over the past few years, rising from 44,679 incidents in 2014 to 50,362 in 2016. The figures for the first half of 2017 (the most up-to-date information available) suggest that the number of breaches continues to grow.
The GDPR is your top priority
The GDPR takes effect on 25 May 2018, meaning it will almost certainly affect Indian organisations before any changes are made to domestic laws regarding data protection. The Regulation will be a massive step up from the Information Technology Rules, so it will take a significant amount of time and effort to become compliant.
Any organisation that’s subject to the GDPR should have already begun to prepare, but if you’re yet to take action, it’s not too late.
IT Governance offers a range of services to help organisations prepare for the GDPR. We support clients in a number of industries, and whether you’re an SME or a multinational, we can tailor our services to your needs.