Boards must plan to meet EU data protection norms

By Manoj Kumar and Shweta Bharti, Hammurabi & Solomon
Copy link

Challenges of identity theft, cybercrime, profile data breaches, unauthorized extraction and sale of personal data have increased the trust deficit between individuals and business initiatives. While big data (compared to oil by many thinkers) is the lifeline of the emerging digital commerce globally, rights of individuals clearly need to be protected. The EU’s General Data Protection Regulation (GDPR) seeks to achieve the right balance, and the Supreme Court of India has also flagged the issue in its landmark judgment on data privacy, setting the ball rolling for the emergence of a new regime on data privacy in India.

Manoj KumarFounder and managing partnerHammurabi & Solomon
Manoj Kumar
Founder and managing partner
Hammurabi & Solomon

As the GDPR comes into effect from May 2018, Indian companies will need to put into place effective frameworks for data protection in order to comply with the GDPR. Apart from protecting the data of individuals in the EU, the GDPR also seeks to regulate the export of personal data from the EU.

From May 2018, the GDPR requires any breach of personal data impacting a resident of the EU to be reported within 72 hours. Companies failing to comply with this could face the stiff penalty of a fine up to €20 million (US$23.5 million) or 4% of their global turnover, whichever is higher.

Once the GDPR comes into force, all global organizations holding data of EU residents will have to comply with new requirements around control, processing and protection of data. Countries outside of the EU (including India), therefore, need to update their regulations to match the standards of data protection set out in the GDPR.

In India, the boards of directors of Indian companies have to sign off on compliance issues under the provisions of the Companies Act, 2013. Indian boards and directors, therefore, will need to be proactive and ensure compliance with the GDPR.

Shweta BhartiSenior partnerHammurabi & Solomon
Shweta Bharti
Senior partner
Hammurabi & Solomon

Major focus areas for the boards of Indian companies include:

Data controller/data protection officer: Companies that handle individuals’ data must have an officer accountable to the board and responsible for data protection, and clearly set out the roles and responsibilities of this officer.

Data protection advocacy: To comply with the GDPR, companies need to implement and monitor a structured data protection advocacy action plan to train and sensitize employees and stakeholders on the impact of the GDPR on the company’s business.

You must be a subscribersubscribersubscribersubscriber to read this content, please subscribesubscribesubscribesubscribe today.

For group subscribers, please click here to access.
Interested in group subscription? Please contact us.



Manoj Kumar is the founder and managing partner at Hammurabi & Solomon, where Shweta Bharti is a senior partner.

405A & 405B, 4th Floor

Rectangle One, Gate No. 3

Plot No. D-4, Saket District Centre

New Delhi – 110017, India

Delhi | Gurgaon | Mumbai | Bangalore | Patna | Ranchi

Contact details:

Tel: +91 11 4155 1825


Copy link