Nearly 65% Indian companies are prepared to comply with the European Union (EU)’s General Data Protection Regulation (GDPR), according to a report by technology conglomerate Cisco.
According to the Cisco 2019 Data Privacy Benchmark Study, India is now in the sixth leading country in the GDPR readiness index as it has met most or all of the requirements.
“India has greatly improved upon its GDPR readiness with its fast evolving data privacy ecosystem, which is primarily because of a collaborative approach by the government and private organisations,” Vishak Raman, Director, Security, at Cisco, said.
While speaking about the results, Raman added that the GDPR-ready organisations have reported lower rates of data breaches, fewer records impacted in security incidents, and shorter system downtimes. Further, these companies are also less likely to experience high financial losses during a data breach incident.
The GDPR came into effect in the EU on May 25, 2018, with a view to protect the privacy and personal data of EU residents. According to the report, the GDPR will apply to businesses located in the EU and to those processing personal data of individuals from the EU.
According to the Cisco report, which is based on data from Cisco’s Annual Cybersecurity Benchmark Study — a double-blind survey which saw participation from over 3,200 security professionals in 18 countries and across all major industries and geographic regions — nearly 59% of the companies across the participating countries are meeting all or most of the GDPR’s requirements.
While over 29% of the organisations from the participating countries have reported they will be GDPR ready within a year, about 9% said it would take them more than a year to comply with the rule.
The report added that while GDPR-readiness varied from 42% to 75% among different countries, Spain, Italy, the UK, and France topped the index while China, Japan, and Australia were placed at the lower end.
India is also looking to bring in a data privacy law. At the Supreme Court’s direction, the Centre formed the Justice Srikrishna Committee, which released a draft Personal Data Protection Bill in July last year. However, the Bill is yet to be introduced in the Parliament.
The Bill, which has garnered mixed reactions from several people, startups, experts, etc, mandates that companies store at least one copy of all personal data of Indian users within the country.
The need to formulate a data protection law in India came to the fore in the wake of the massive Facebook-Cambridge Analytica fiasco which affected nearly 5.62 Lakh Indians. Further, the country also recorded massive data breaches due to the leak of Aadhaar data at various levels.
The Cisco survey is reflective of the increased awareness and willingness of Indian companies to get serious and comply with laws related to data privacy and protection. And if they want to continue mining and using data related to EU subjects, they don’t really have an option but to comply with the GDPR.