Only a third of India’s IT services firms are compliant with a European data protection law to be effective in May, say analysts, warning that potential damages of any breach of privacy of user data from the continent could cost companies as much as 4per cent of their revenue.
The sweeping new-data protection law — general data protection regulation (GDPR) being rolled out on May 25 — is the most comprehensive set of rules being put forward globally to strengthen data protection and privacy of users.
The policy enforces rules and responsibilities for corporations to be more transparent in acquiring user data, stick to unambiguous ways to seek consent and allow the user to withdraw consent. “Only 30-35per cent of all IT/ITeS companies have started their journey to work towards GDPR compliance,” said Jaspreet Singh, Cyber Security Partner at EY.
For technology services companies, newer policies will conflict with decades-old technologies where their client and record-keeping systems need rework. For instance, a legacy application that does not support any kind of login, will need to put in place a login interface to keep a record of the people who accessed it. This should be open for audit by European authorities.
“The IT services providers will have to rework the contracts and they will see a cost increase. But the cost impact depends on the incremental work (due to GDPR compliance) that needs to be done,” said Raman Roy, chairman, National Association of Software and Services Companies, adding that the industry is capable of meeting the May deadline. Almost 30per cent of revenue for Indian IT services comes from European clients with multiple centres in the region.
Top Indian IT services firms Tata Consultancy Services, Infosys, Wipro and Tech Mahindra declined to comment. BPO firm Genpact has identified “GDPR as a risk” in their 10K filing with the SEC with potential fines for violations of certain regulations.
Industry analysts suggest even though the GDPR norms will be applicable across all industries, firms that deal with BFSI, retail, utilities and healthcare are likely to invest in greater compliance as they deal with health and financial data of users to provide service on behalf of their clients.
Priya Kanduri, Head of Innovation & Solution Development, IMSS, Happiest Minds, believes software services players will not incur “significant” cost and expenses may shore up primarily due to resources used to run more checks on data protection compliance.