Here’s a fact for you- Indian companies might also have to comply with the General Data Protection Regulation.
And here’s another interesting fact- by simply identifying which businesses these are- you can start your journey as a Data Protection Manager.
How?
Well, most businesses in India aren’t even aware of what GDPR is, and because it is known as the data protection law of the EU regime, people generally presume that it applies within that jurisdiction alone.
That is where you come in. To firstly, make businesses aware of what all laws apply to them, and secondly, to help them actually stay compliant with these laws.
A Data Protection & Privacy Manager, having some knowledge of the GDPR can easily earn up to 4 Lakhs per month, and one just starting out can easily make up to 1L per mo
The best part is that most of these businesses do not want to hire a full time Data Protection Manager, and can make do with a consultant- which works in your favour because you can remotely work from anywhere- and for multiple companies at once!
So, let’s first understand the main aspects to determine if the GDPR applies to your client’s business.
Article 3 of the GDPR defines the conditions under which this regulation impacts non-EU entities.
There are two major scenarios:
- Offering Goods or Services to EU Individuals: If your organisation offers goods or services to individuals in the EU, regardless of whether payment is required, GDPR applies. For example, if an Indian online retailer sells clothing to customers in France or Germany through its website, it must comply with GDPR regulations because it is targeting EU consumers.
- Monitoring the Behavior of EU Individuals: If your organisation monitors the behaviour of individuals within the EU, such as tracking their online activities or preferences, GDPR applies. For instance, if a social media platform based in India tracks the browsing behaviour of users in Spain to personalise advertisements, it falls under the scope of GDPR and must adhere to its requirements.
Not so difficult, right?
Now that you can identify whether or not GDPR applies to any business, you also need to know that GDPR sets high expectations for compliance, including technical safeguards like encryption and legal justifications for data collection.
Non-compliance can lead to hefty fines under Article 83 of GDPR, which could be up to either 4 percent of your annual global revenue or €20 million, whichever is higher. This may cost Indian companies a lot.
So, when you pitch your services to these companies, make sure to let them know about the hefty penalties that await them if they are non compliant!
To avoid such substantial fines and penalties, organisations must explore key steps to GDPR compliances- which is complex. It demands understanding the law and embedding its principles deeply into organizational data processes.